CVE-2022-2229

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-2229

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2229.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-2229

Aliases

BIT-gitlab-2022-2229

Downstream

UBUNTU-CVE-2022-2229

Published

2022-07-01T17:15:07Z

Modified

2025-04-06T22:45:10Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

036576a25d67513637c1e2cba5859af47695188e

Fixed

af6735ad95ff7a4578c8548d37ce9e8247385d5e