An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request.
References
| Link | Resource |
|---|---|
| https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2456.json | Vendor Advisory |
| https://gitlab.com/gitlab-org/gitlab/-/issues/359910 | Broken Link Vendor Advisory |
| https://hackerone.com/reports/1536559 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
08 Aug 2023, 14:22
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | NVD-CWE-Other |
11 Aug 2022, 15:32
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://hackerone.com/reports/1536559 - Permissions Required, Third Party Advisory | |
| References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2456.json - Vendor Advisory | |
| References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/359910 - Broken Link, Vendor Advisory | |
| First Time |
Gitlab
Gitlab gitlab |
|
| CPE | cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:* |
|
| CWE | CWE-863 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.7 |
05 Aug 2022, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-08-05 16:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-2456
Mitre link : CVE-2022-2456
CVE.ORG link : CVE-2022-2456
JSON object : View
Products Affected
gitlab
- gitlab
CWE