CVE-2022-2498

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-2498

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2498.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-2498

Aliases

BIT-gitlab-2022-2498

Related

UBUNTU-CVE-2022-2498

Published

2022-08-05T16:15:12Z

Modified

2024-11-21T07:01:07Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

0bd32f788647bb832f3d9eb5746cbda5300e0fa2

Fixed

6b3af3293e0cee73719bbfc4a7d9eacc2e3ead54