BIT-gitlab-2022-1460

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/gitlab/BIT-gitlab-2022-1460.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-gitlab-2022-1460

Aliases

CVE-2022-1460

Published

2024-03-06T11:15:57.540Z

Modified

2025-04-03T14:40:37.652Z

Summary

[none]

Details

An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorizations on scheduled pipelines allowing a malicious user to run a pipeline in the context of another user.

Database specific

{
    "cpes": [
        "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
        "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
        "cpe:2.3:a:gitlab:gitlab:14.10.0:*:*:*:community:*:*:*",
        "cpe:2.3:a:gitlab:gitlab:14.10.0:*:*:*:enterprise:*:*:*",
        "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / gitlab

Package

Name: gitlab
Purl: pkg:bitnami/gitlab

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

9.2.0

Fixed

14.8.6

Introduced

14.9.0

Fixed

14.9.4

Introduced

14.10.0

Fixed

14.10.1