CVE-2022-0549

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-0549

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0549.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-0549

Aliases

BIT-gitlab-2022-0549

Related

UBUNTU-CVE-2022-0549

Published

2022-03-28T19:15:08Z

Modified

2024-11-21T06:38:53Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

ce28f708ec5ca68092e16f55e47710367d32f2a1

Fixed

2ef3e89df350d5f8ffc802c04c5f19864249d125