CVE-2022-2498

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-2498
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2498.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-2498
Aliases
Published
2022-08-05T16:15:12Z
Modified
2024-05-29T21:34:54Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events