An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their GitHub project imported on another GitLab user account.
References
| Link | Resource |
|---|---|
| https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0154.json | Third Party Advisory |
| https://gitlab.com/gitlab-org/gitlab/-/issues/29580 | Broken Link |
| https://hackerone.com/reports/605576 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
26 Jan 2022, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Gitlab
Gitlab gitlab |
|
| CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 8.0 |
| CWE | CWE-352 | |
| CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* |
|
| References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/29580 - Broken Link | |
| References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0154.json - Third Party Advisory | |
| References | (MISC) https://hackerone.com/reports/605576 - Permissions Required |
18 Jan 2022, 18:01
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-01-18 17:15
Updated : 2023-12-10 14:09
NVD link : CVE-2022-0154
Mitre link : CVE-2022-0154
CVE.ORG link : CVE-2022-0154
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-352
Cross-Site Request Forgery (CSRF)