CVE-2022-3067

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3067

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3067.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3067

Aliases

BIT-gitlab-2022-3067

Related

UBUNTU-CVE-2022-3067

Published

2022-10-17T16:15:22Z

Modified

2024-12-13T21:09:46Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

19c719febd74b6edf549bf6a2c0e36bf8f176d56

Fixed

0b24f0547393a5606b1ec7e4e31cfeab4bce5cab