CVE-2022-0549

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-0549
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0549.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-0549
Aliases
Related
Published
2022-03-28T19:15:08Z
Modified
2024-11-21T06:38:53Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events