CVE-2022-4205 — Type Confusion in Gitlab

Severity

7.5HIGHNVD

EPSS

0.1%

top 75.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJan 27

Latest updateJan 28

Description

In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

▶NVDgitlab/gitlab1.0.0 — 12.9.8+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=1.0, <12.9.8, >=15.5, <15.5.5, >=15.6, <15.6.1+2

GHSA

GHSA-wqxm-qp29-hp7c: In Gitlab EE/CE before 15↗2023-01-28

▶

OSV

CVE-2022-4205: In Gitlab EE/CE before 15↗2023-01-27

▶

GitLab

CVE-2022-4205: In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.↗2023-01-27

▶

Debian

CVE-2022-4205: gitlab - In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecim...↗2022

▶