CVE-2022-4331

An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.1 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4331.json	Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/385050	Broken Link
https://hackerone.com/reports/1791518	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

15 Mar 2023, 15:36

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
First Time		Gitlab gitlab Gitlab
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.3
CPE		cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
References	~~(CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4331.json -~~	(CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4331.json - Vendor Advisory
References	~~(MISC) https://hackerone.com/reports/1791518 -~~	(MISC) https://hackerone.com/reports/1791518 - Permissions Required
References	~~(MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/385050 -~~	(MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/385050 - Broken Link

09 Mar 2023, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-03-09 22:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-4331

Mitre link : CVE-2022-4331

CVE.ORG link : CVE-2022-4331

JSON object : View

Products Affected

gitlab

gitlab

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-4331", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.5}]}, "published": "2023-03-09T22:15:51.447", "references": [{"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4331.json", "tags": ["Vendor Advisory"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/385050", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/1791518", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group."}], "lastModified": "2023-03-15T15:36:49.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CCE868CE-F7B2-43BC-AC81-C92CE4FA877B", "versionEndExcluding": "15.7.8", "versionStartIncluding": "15.1"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "124D53C4-ACD0-4C2A-9E95-5E7E7B1BACF6", "versionEndExcluding": "15.8.4", "versionStartIncluding": "15.8"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "57BB437C-433D-430B-8B1B-3C3B053C9360", "versionEndExcluding": "15.9.2", "versionStartIncluding": "15.9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}