CVE-2022-4365 — Incorrect Permission Assignment in Gitlab
Severity
4.3MEDIUMNVD
EPSS
0.7%
top 28.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 12
Latest updateOct 8
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages5 packages
🔴Vulnerability Details
4OSV▶
CVE-2023-4378: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11↗2023-09-01
GHSA▶
GHSA-mp7g-3r25-fq9v: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11↗2023-09-01
GHSA▶
GHSA-cqj2-v4jv-jmhc: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11↗2023-01-12
OSV▶
CVE-2022-4365: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11↗2023-01-12
📋Vendor Advisories
4GitLab▶
CVE-2023-4378: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, a↗2023-09-01
GitLab▶
CVE-2022-4365: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, a↗2023-01-12
Debian▶
CVE-2023-4378: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...↗2023
Debian▶
CVE-2022-4365: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...↗2022