CVE-2022-1105

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-1105
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1105.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1105
Aliases
Downstream
Published
2022-04-04T19:46:04Z
Modified
2025-12-04T11:33:19.424121Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled

Database specific 
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1105.json"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
47f41a4a74f364c731aafd34a93bddb630f62230
Fixed
6d5453caf44cbb4379bebe8a406551db5441a5a2
Database specific 
{
    "versions": [
        {
            "introduced": "13.11"
        },
        {
            "fixed": "14.7.7"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
1d7d0b0a1db4c69533330ab29c6c0d3bdb17adba
Fixed
fdf232e4acc50b3f86090b2c18253449577616dc
Database specific 
{
    "versions": [
        {
            "introduced": "14.8"
        },
        {
            "fixed": "14.8.5"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
1fdefb34741e329ede520eba6c3038eb48bfa191
Fixed
3034418fb311e288d880c55ee707d9a3eecfe07d
Database specific 
{
    "versions": [
        {
            "introduced": "14.9"
        },
        {
            "fixed": "14.9.2"
        }
    ]
}

Affected versions

v14.*

v14.8.0-ee
v14.8.1-ee
v14.8.2-ee
v14.8.3-ee
v14.8.4-ee
v14.9.0-ee
v14.9.1-ee