CVE-2022-0090

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-0090

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0090.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-0090

Aliases

BIT-gitlab-2022-0090

Downstream

UBUNTU-CVE-2022-0090

Published

2022-01-18T16:52:09Z

Modified

2025-12-04T10:29:52.646109Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in the UI.

Database specific

{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0090.json"
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitaly

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitaly

Events

Introduced

Fixed

ad3a4c1ae8eb32ec2eaef94234178fbfb588b3c0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "14.4.5"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitaly

Events

Introduced

32307f776ceaeb99699c367e6a98e225c9c30474

Fixed

084e3da73d0ee29659018e4d856cbae7efc13591

Database specific

{
    "versions": [
        {
            "introduced": "14.5.0"
        },
        {
            "fixed": "14.5.3"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitaly

Events

Introduced

b7ed739365ce6c15aad81faaf6367151d701ce85

Fixed

df2e033211402f1b88c490bc002cc99776231983

Database specific

{
    "versions": [
        {
            "introduced": "14.6.0"
        },
        {
            "fixed": "14.6.1"
        }
    ]
}

Affected versions

v0.*

v0.0.1

v0.0.1-test-7

v0.0.1-test-8

v0.1.0

v0.10.0

v0.100.0

v0.101.0

v0.102.0

v0.103.0

v0.104.0

v0.105.0

v0.106.0

v0.107.0

v0.108.0

v0.109.0

v0.11.0

v0.11.1

v0.11.2

v0.110.0

v0.111.0

v0.112.0

v0.113.0

v0.114.0

v0.115.0

v0.116.0

v0.117.0

v0.118.0

v0.119.0

v0.12.0

v0.120.0

v0.121.0

v0.122.0

v0.123.0

v0.124.0

v0.125.0

v0.126.0

v0.127.0

v0.128.0

v0.129.0

v0.13.0

v0.130.0

v0.131.0

v0.132.0

v0.133.0

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.18.0

v0.19.0

v0.2.0

v0.20.0

v0.21.0

v0.21.1

v0.21.2

v0.22.0

v0.23.0

v0.24.0

v0.24.1

v0.25.0

v0.26.0

v0.27.0

v0.28.0

v0.29.0

v0.3.0

v0.30.0

v0.31.0

v0.32.0

v0.33.0

v0.34.0

v0.35.0

v0.36.0

v0.37.0

v0.38.0

v0.39.0

v0.4.0

v0.40.0

v0.41.0

v0.42.0

v0.43.0

v0.44.0

v0.45.1

v0.46.0

v0.47.0

v0.48.0

v0.49.0

v0.5.0

v0.50.0

v0.51.0

v0.52.0

v0.53.0

v0.54.0

v0.55.0

v0.56.0

v0.57.0

v0.58.0

v0.59.0

v0.6.0

v0.60.0

v0.61.0

v0.61.1

v0.62.0

v0.63.0

v0.64.0

v0.65.0

v0.66.0

v0.67.0

v0.68.0

v0.69.0

v0.7.0

v0.70.0

v0.71.0

v0.72.0

v0.73.0

v0.74.0

v0.75.0

v0.76.0

v0.77.0

v0.78.0

v0.79.0

v0.8.0

v0.80.0

v0.81.0

v0.82.0

v0.83.0

v0.84.0

v0.85.0

v0.86.0

v0.87.0

v0.88.0

v0.89.0

v0.9.0

v0.90.0

v0.91.0

v0.92.0

v0.93.0

v0.94.0

v0.95.0

v0.96.1

v0.97.0

v0.98.0

v0.99.0

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.16.0

v1.17.0

v1.18.0

v1.19.0

v1.19.1

v1.2.0

v1.20.0

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.25.0

v1.26.0

v1.27.0

v1.28.0

v1.29.0

v1.3.0

v1.30.0

v1.31.0

v1.32.0

v1.33.0

v1.34.0

v1.35.0

v1.35.1

v1.36.0

v1.37.0

v1.38.0

v1.39.0

v1.4.0

v1.40.0

v1.41.0

v1.42.0

v1.43.0

v1.44.0

v1.45.0

v1.46.0

v1.47.0

v1.48.0

v1.49.0

v1.5.0

v1.50.0

v1.51.0

v1.53.0

v1.56.0

v1.57.0

v1.58.0

v1.59.0

v1.6.0

v1.60.0

v1.61.0

v1.62.0

v1.63.0

v1.64.0

v1.65.0

v1.66.0

v1.67.0

v1.68.0

v1.69.0

v1.7.0

v1.70.0

v1.71.0

v1.72.0

v1.73.0

v1.74.0

v1.75.0

v1.76.0

v1.77.0

v1.78.0

v1.79.0

v1.8.0

v1.80.0

v1.81.0

v1.82.0

v1.83.0

v1.84.0

v1.85.0

v1.86.0

v1.87.0

v1.9.0

v12.*

v12.10.0

v12.10.0-rc1

v12.8.0

v12.8.0-rc42

v12.9.0

v12.9.0-rc1

v12.9.0-rc2

v12.9.0-rc3

v12.9.0-rc4

v12.9.0-rc42

v12.9.0-rc5

v13.*

v13.0.0

v13.0.0-rc1

v13.0.0-rc2

v13.1.0

v13.1.0-rc1

v13.1.0-rc2

v13.1.0-rc3

v13.1.0-rc4

v13.11.0-rc1

v13.12.0-rc1

v13.2.0

v13.2.0-rc1

v13.2.0-rc2

v13.3.0-rc1

v13.3.0-rc2

v13.3.0-rc3

v13.3.0-rc4

v13.3.0-rc5

v13.4.0

v13.4.0-rc1

v13.4.0-rc2

v13.5.0-rc1

v13.5.0-rc2

v13.7.0-rc1

v13.7.0-rc2

v13.7.0-rc3

v13.7.0-rc4

v13.8.0-rc1

v13.8.0-rc2

v13.8.0-rc3

v13.9.0-rc1

v14.*

v14.0.0-rc1

v14.0.0-rc2

v14.1.0-rc1

v14.1.0-rc2

v14.1.0-rc3

v14.1.0-rc4

v14.2.0-rc1

v14.2.0-rc2

v14.3.0-rc1

v14.3.0-rc2

v14.4.0

v14.4.0-rc42

v14.4.0-rc44

v14.4.0-rc45

v14.4.1

v14.4.2

v14.4.3

v14.4.4

v14.5.0

v14.5.1

v14.5.2

v14.6.0

Other

vtest-5

vtest-6

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f7475c863e83756c791917626d3a48bce8e3a975

Affected versions

Other

11-10-0cfa69752d8-0d9531c80-ee

11-10-0cfa69752d8-74ffd66ae-ee

11-10-119f9509d50-6d7537235-ee

v1.*

v1.0.2

v1.1.0pre

v1.2.0

v1.2.0pre

v1.2.1

v1.2.2

v10.*

v10.1.0.pre

v10.2.0.pre

v10.3.0.pre

v10.4.0.pre

v10.5.0.pre

v10.6.0.pre

v10.7.0.pre

v10.8.0.pre

v10.9.0.pre

v11.*

v11.0.0.pre

v11.1.0.pre

v11.2.0.pre

v11.3.0.pre

v14.*

v14.4.0-ee

v14.4.0-rc42-ee

v14.4.0-rc43-ee

v14.4.0-rc44-ee

v14.4.0-rc45-ee

v14.4.1-ee

v14.4.2-ee

v14.4.3-ee

v14.4.4-ee

v2.*

v2.0.0

v2.1.0

v2.2.0

v2.2.0pre

v2.3.0

v2.3.0pre

v2.3.1

v2.4.0

v2.4.0pre

v2.4.1

v2.5.0

v2.6.0

v2.6.0pre

v2.6.1

v2.6.2

v2.6.3

v2.7.0

v2.7.0pre

v2.8.0

v2.8.0pre

v2.8.1

v2.8.2

v2.9.0

v2.9.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v4.*

v4.0.0

v4.0.0rc1

v4.0.0rc2

v5.*

v5.0.0

v5.1.0

v5.2.0

v5.3.0

v6.*

v6.0.0

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.2.0

v6.2.1

v6.2.2

v6.3.0

v6.3.0-ee

v6.3.1-ee

v6.4.0

v6.4.0-ee

v6.4.0.pre1

v6.4.0.pre2

v6.4.0.pre3

v6.4.1

v6.4.2

v6.4.3

v6.5.0

v6.5.0-ee

v6.5.0.rc1

v6.5.1

v6.6.0

v6.6.0-ee

v6.6.0.pre1

v6.6.0.rc1

v6.6.1

v6.6.2

v6.7.0-ee

v6.7.0.rc1

v6.7.0.rc1-ee

v6.7.1

v6.7.2

v6.8.0

v6.8.0-ee

v6.8.0.rc1

v6.8.1

v6.9.0.rc1

v7.*

v7.0.0

v7.0.0-ee

v7.0.0.rc1

v7.1.0

v7.1.0-ee

v7.1.0.rc1

v7.1.0.rc1-ee

v7.2.0.rc1

v7.2.0.rc1-ee

v7.2.0.rc2

v7.2.0.rc2-ee

v7.2.0.rc3

v7.2.0.rc3-ee

v7.2.0.rc4

v7.2.0.rc4-ee

v7.2.0.rc5

v7.2.0.rc5-ee

v7.3.0

v7.3.0-ee

v7.3.0.rc1

v7.3.0.rc1-ee

v7.4.0

v7.4.0-ee

v7.4.1

v7.4.1-ee

v7.4.2

v7.4.2-ee

v7.4.3

v7.4.3-ee

v7.4.4-ee

v8.*

v8.10.0.pre

v8.11.0

v8.11.0-ee

v8.11.0-rc1

v8.11.0-rc1-ee

v8.11.0-rc2

v8.11.0-rc2-ee

v8.11.0-rc3

v8.11.0-rc3-ee

v8.11.0-rc4

v8.11.0-rc4-ee

v8.11.0-rc5

v8.11.0-rc5-ee

v8.11.0-rc6

v8.11.0-rc6-ee

v8.11.0-rc7

v8.11.0-rc7-ee

v8.11.0.pre

v8.11.1

v8.12.0

v8.12.0-ee

v8.12.0-rc1

v8.12.0-rc1-ee

v8.12.0-rc2

v8.12.0-rc2-ee

v8.12.0-rc3

v8.12.0-rc3-ee

v8.12.0-rc4

v8.12.0-rc4-ee

v8.12.0-rc5

v8.12.0-rc5-ee

v8.12.0-rc6

v8.12.0-rc6-ee

v8.12.0-rc7

v8.12.0-rc7-ee

v8.12.0.pre

v8.12.1

v8.12.1-ee

v8.12.2

v8.12.2-ee

v8.12.3-ee

v8.13.0.pre

v8.14.0.pre

v8.15.0.pre

v8.16.0.pre

v8.17.0.pre

v8.18.0.pre

v8.2.0-ee

v8.2.0.rc1

v8.2.0.rc1-ee

v8.2.0.rc2

v8.2.0.rc2-ee

v8.4.0.rc1

v8.8.0

v8.8.0-ee

v8.8.0-rc1

v8.8.0-rc1-ee

v8.8.0-rc2

v8.8.0-rc2-ee

v8.8.1-ee

v9.*

v9.1.0.pre

v9.2.0.pre

v9.3.0.pre

v9.5.0.pre

v9.6.0.pre