CVE-2022-2907

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project member used a crafted link.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

25 Jan 2023, 03:26

Type Values Removed Values Added
References (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2907.json - (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2907.json - Vendor Advisory
References (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/349388 - (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/349388 - Broken Link
References (MISC) https://hackerone.com/reports/1417680 - (MISC) https://hackerone.com/reports/1417680 - Permissions Required, Third Party Advisory
First Time Gitlab gitlab
Gitlab
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CWE NVD-CWE-noinfo

17 Jan 2023, 23:01

Type Values Removed Values Added
New CVE

Information

Published : 2023-01-17 21:15

Updated : 2023-01-25 03:26


NVD link : CVE-2022-2907

Mitre link : CVE-2022-2907


JSON object : View

Products Affected

gitlab

  • gitlab