CVE-2022-1999

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-1999
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1999.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1999
Aliases
Downstream
Published
2022-07-01T16:06:59Z
Modified
2026-04-10T04:42:59.116486Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1999.json",
    "cna_assigner": "GitLab"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
294482f38388542b43b908dcb427759544a7486f
Fixed
af6735ad95ff7a4578c8548d37ce9e8247385d5e
Database specific 
{
    "versions": [
        {
            "introduced": "8.13"
        },
        {
            "fixed": "14.10.5"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
3b397c1753233301037d0ca3caae23ce116505d3
Fixed
81f47cb467e3387cea11b909ea6b977e28b3b4d2
Database specific 
{
    "versions": [
        {
            "introduced": "15.0"
        },
        {
            "fixed": "15.0.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
31c24d2d8643ee22211ef544a4538c4420e96dc9
Fixed
61c8658b23e2cc1116acb740418d99c6d227e13f
Database specific 
{
    "versions": [
        {
            "introduced": "15.1"
        },
        {
            "fixed": "15.1.1"
        }
    ]
}

Affected versions

v15.*
v15.0.0-ee
v15.0.2-ee
v15.0.3-ee
v15.1.0-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1999.json"