| Vulnerability Name: | CVE-2022-1999 (CCN-230374) | ||||||||||||
| Assigned: | 2022-07-01 | ||||||||||||
| Published: | 2022-07-01 | ||||||||||||
| Updated: | 2022-07-13 | ||||||||||||
| Summary: | An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description. | ||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) 4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
2.7 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-1999 Source: XF Type: UNKNOWN gitlab-cve20221999-sec-bypass(230374) Source: CCN Type: GitHub Web site CVE-2022-1999 Source: CONFIRM Type: Vendor Advisory https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1999.json Source: MISC Type: Broken Link https://gitlab.com/gitlab-org/gitlab/-/issues/357963 Source: CCN Type: Mend Vulnerability Database CVE-2022-1999 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||