github - ghsa-4wc6-q22j-fx9w

ghsa-4wc6-q22j-fx9w

Vulnerability from github

Published

2022-07-02 00:00

Modified

2022-07-14 00:00

Severity

4.3 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to manage issues in project's error tracking feature.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2244"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-01T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to manage issues in project\u0027s error tracking feature.",
  "id": "GHSA-4wc6-q22j-fx9w",
  "modified": "2022-07-14T00:00:17Z",
  "published": "2022-07-02T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2244"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1619583"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2244.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/360666"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2022-2244

Vulnerability from cvelistv5

Published

2022-07-01 15:04

Modified

2024-08-03 00:32

Severity

4.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to manage issues in project's error tracking feature.

References

URL	Tags
https://gitlab.com/gitlab-org/gitlab/-/issues/360666	x_refsource_MISC
https://hackerone.com/reports/1619583	x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2244.json	x_refsource_CONFIRM

Impacted products

Vendor	Product
GitLab	GitLab

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:09.492Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/360666"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1619583"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2244.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=14.8, \u003c14.10.5"
            },
            {
              "status": "affected",
              "version": "\u003e=15.0, \u003c15.0.4"
            },
            {
              "status": "affected",
              "version": "\u003e=15.1, \u003c15.1.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to manage issues in project\u0027s error tracking feature."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper authorization in GitLab",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-01T15:04:24",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/360666"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/1619583"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2244.json"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@gitlab.com",
          "ID": "CVE-2022-2244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GitLab",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e=14.8, \u003c14.10.5"
                          },
                          {
                            "version_value": "\u003e=15.0, \u003c15.0.4"
                          },
                          {
                            "version_value": "\u003e=15.1, \u003c15.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GitLab"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to manage issues in project\u0027s error tracking feature."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper authorization in GitLab"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/360666",
              "refsource": "MISC",
              "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/360666"
            },
            {
              "name": "https://hackerone.com/reports/1619583",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/1619583"
            },
            {
              "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2244.json",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2244.json"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-2244",
    "datePublished": "2022-07-01T15:04:24",
    "dateReserved": "2022-06-28T00:00:00",
    "dateUpdated": "2024-08-03T00:32:09.492Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.