CVE-2022-0172

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-0172
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0172.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-0172
Aliases
Downstream
Published
2022-01-18T16:51:53Z
Modified
2025-12-04T11:31:01.349929Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0172.json",
    "cna_assigner": "GitLab"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
518f728f72b10d07e8d7362ab6ddca7844e919ec
Fixed
6919c7328157daead98a33da18e42527c383e9b6
Database specific 
{
    "versions": [
        {
            "introduced": "14.6"
        },
        {
            "fixed": "14.6.2"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
490a8efda84a04e31ac41b882d95bb717c202437
Fixed
c0551c59610dd489bcea25bbdabb752e0380e5bb
Database specific 
{
    "versions": [
        {
            "introduced": "14.5"
        },
        {
            "fixed": "14.5.3"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
ce28f708ec5ca68092e16f55e47710367d32f2a1
Fixed
f7475c863e83756c791917626d3a48bce8e3a975
Database specific 
{
    "versions": [
        {
            "introduced": "13.2"
        },
        {
            "fixed": "14.4.5"
        }
    ]
}

Affected versions

v14.*

v14.5.0-ee
v14.5.1-ee
v14.5.2-ee
v14.6.0-ee
v14.6.1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0172.json"