An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2459.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/336169 | Broken Link Vendor Advisory |
https://hackerone.com/reports/1256967 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 |
11 Aug 2022, 15:39
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://hackerone.com/reports/1256967 - Permissions Required, Third Party Advisory | |
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2459.json - Vendor Advisory | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/336169 - Broken Link, Vendor Advisory | |
First Time |
Gitlab
Gitlab gitlab |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.7 |
CPE | cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:* |
|
CWE | CWE-863 |
05 Aug 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-05 16:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-2459
Mitre link : CVE-2022-2459
CVE.ORG link : CVE-2022-2459
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-862
Missing Authorization