CVE-2022-0740

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-0740

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0740.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-0740

Aliases

BIT-gitlab-2022-0740

Related

UBUNTU-CVE-2022-0740

Published

2022-04-04T20:15:09Z

Modified

2024-11-21T06:39:17Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

27251058e9bc671de170091fb608bcdd655131ad

Fixed

6d5453caf44cbb4379bebe8a406551db5441a5a2