CVE-2023-2022
Published 2023-08-02
CVE-2023-2022: An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions…
Priority: P4 · 20 · medium · 4.3 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.39% (31.0th percentile)
An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge
Affected (15 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 16.0.8+ds1-1 (sid) | gitlab 16.0.8+ds1-1 (sid) |
| giflib_project | giflib | >= 0 < 5.1.9-1ubuntu0.1 | 5.1.9-1ubuntu0.1 |
| giflib_project | giflib | >= 0 < 5.1.9-2ubuntu0.1 | 5.1.9-2ubuntu0.1 |
| giflib_project | giflib | >= 0 < 5.1.4-0.3~16.04.1+esm1 | 5.1.4-0.3~16.04.1+esm1 |
| giflib_project | giflib | >= 0 < 5.1.4-2ubuntu0.1+esm1 | 5.1.4-2ubuntu0.1+esm1 |
| gitlab | gitlab | < 16.0.8 | 16.0.8 |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 16.1 < 16.1.3 | 16.1.3 |
| gitlab | gitlab | >= 16.1.0 < 16.1.3 | 16.1.3 |
| gitlab | gitlab | >= 16.2 < 16.2.2 | 16.2.2 |
| gitlab | gitlab | >= 16.2.0 < 16.2.2 | 16.2.2 |
| gitlab | gitlab_ce | — | — |
| mozilla | firefox | — | — |
| rarlab | rar | >= 0 < 2:6.23-1~20.04.1 | 2:6.23-1~20.04.1 |
| rarlab | rar | >= 0 < 2:6.23-1~22.04.1 | 2:6.23-1~22.04.1 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| osv | 8.8 | HIGH | — |
| vendor_oracle | 9.8 | CRITICAL | — |
| vendor_redhat | 5.5 | MEDIUM | — |
| vendor_debian | 4.3 | MEDIUM | — |
OSV: rar vulnerabilities
osv · 2025-03-12 · CVSS 7.5 · CVE-2022-30333
It was discovered that RAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. (CVE-2022-30333)
It was discovered that RAR incorrectly handled certain recovery volumes. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-40477)
OSV: giflib vulnerabilities
osv · 2024-06-10 · CVSS 8.8 · CVE-2021-40633
It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-40633, CVE-2022-28506, CVE-2023-39742)
OSV: CVE-2023-2022 [MEDIUM]
osv · 2023-08-02 · CVSS 4.3
GHSA: GHSA-3cgp-mpf6-c8vw (CVE-2023-2022) [MEDIUM] · CWE-262
ghsa_unreviewed · 2023-08-02
OSV: linux-bluefield vulnerabilities
osv · 2023-04-05 · CVSS 5.5 · CVE-2023-0461
It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3169)
It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary c
Palo Alto: PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto · 2024-09-04 · CVSS 6.0 · CVE-2022-22965 [MEDIUM]
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2010-1622, CVE-2015-7552, CVE-2018-16840, CVE-2019-7639, CVE-2020-17049, CVE-2020-7774, CVE-2021-0131, CVE-2021-0132, CVE-2021-0133, CVE-2021-0134, CVE-2021-4044, CVE-2021-4160, CVE-2021-41773, CVE-2022-1343, CVE-2022-21449, CVE-2022-2274, CVE-2022-22963, CVE-2022-22965, CVE-2022-24697, CVE-2022-32207, CVE-2022-3358, CVE-2022-3996, CVE-2022-40664, CVE-2022-44792, CVE-2022-44793, CVE-2023-1255, CVE-2023-22809, CVE-2023-23919, CVE-2023-3341, CVE-2023-4236, CVE-2023-4863, CVE-2023-51767
Affected products: PAN-OS
GitLab: CVE-2023-2022 [MEDIUM] · CWE-262
vendor_gitlab · 2023-08-02 · CVSS 4.3
Oracle: Oracle Financial Services Applications Risk Matrix: Base (Spring Security) — CVE-2022-22978
vendor_oracle · 2023-04-15 · CVSS 9.8 · CVE-2022-22978 [CRITICAL]
CVE: CVE-2022-22978
CVSS: 9.8
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
Oracle: Oracle Communications Applications Risk Matrix: Security Component (XStream) — CVE-2022-41966
vendor_oracle · 2023-04-15 · CVSS 7.5 · CVE-2022-41966 [HIGH]
CVE: CVE-2022-41966
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
Oracle: Oracle Communications Risk Matrix: Install/Upgrade (Moment.js) — CVE-2022-31129
vendor_oracle · 2023-01-15 · CVSS 7.5 · CVE-2022-31129 [HIGH]
CVE: CVE-2022-31129
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2023 (JAN 2023)
Debian: CVE-2023-2022 (gitlab) [MEDIUM]
vendor_debian · 2023 · CVSS 4.3
Scope: local
sid: resolved (fixed in 16.0.8+ds1-1)
Mozilla: Mozilla Foundation Security Advisory 2023-03 — CVE-2022-46877
vendor_mozilla · CVSS 4.3 · CVE-2022-46877 [MEDIUM]
CVE: CVE-2022-46877
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 102.7
No detection rules found.
No public exploits indexed.
Checkpoint: 31st October – Threat Intelligence Report
blogs_checkpoint · 2022-10-31 · CVE-2022-3723
## 31st October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 31st October, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
US-based communications company Twilio has disclosed a new data breach that occurred in June 2022, allegedly by the same threat actors behind the August hack. The hackers used voice phishing to trick a Twilio employee into handing over their credentials, which the hackers then used to access customer information.
Cu
Checkpoint: 10th October – Threat Intelligence Report
blogs_checkpoint · 2022-10-10 · CVE-2022-41352
## 10th October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 10th October, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
CommonSpirit Health, the second-largest nonprofit hospital chain in the U.S. with 140 hospitals and over 1,000 facilities in 21 states, suffered a cybersecurity incident that disrupted medical services across the country. Facilities in Iowa, Nebraska, Tennessee and Washington were among those affected. The nature of the at
Checkpoint: 28th June – Threat Intelligence Report
blogs_checkpoint · 2021-06-28 · CVE-2021-21998
## 28th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 28th June, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Russian-based threat group Nobelium is using password spraying and brute force attacks to gain access to corporate networks. The group, which was behind the SolarWinds supply-chain attack, deployed an information-stealing Trojan on a Microsoft customer support agent’s computer to steal information. Over half of the targets were