CVE-2022-3285

Source
https://cve.org/CVERecord?id=CVE-2022-3285
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3285.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-3285
Aliases
Downstream
Published
2022-11-09T00:00:00Z
Modified
2026-04-10T04:48:20.828861Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3285.json",
    "cna_assigner": "GitLab"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Database specific
{
    "versions": [
        {
            "introduced": "12.0.0"
        },
        {
            "fixed": "15.2.5"
        },
        {
            "introduced": "12.0.0"
        },
        {
            "fixed": "15.2.5"
        },
        {
            "introduced": "15.3.0"
        },
        {
            "fixed": "15.3.4"
        },
        {
            "introduced": "15.3.0"
        },
        {
            "fixed": "15.3.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.4.0"
        }
    ]
}

Affected versions

Other
11-10-0cfa69752d8-0d9531c80-ee
11-10-0cfa69752d8-74ffd66ae-ee
11-10-119f9509d50-6d7537235-ee
v1.*
v1.2.0
v1.2.0pre
v1.2.1
v1.2.2
v15.*
v15.2.0-ee
v15.2.0-rc42-ee
v15.2.2-ee
v15.3.0-ee
v15.3.3-ee
v15.4.0-ee
v15.4.0-rc42-ee
v15.4.0-rc43-ee
v2.*
v2.3.0
v2.3.0pre
v2.3.1
v2.4.0
v2.4.0pre
v2.4.1
v2.5.0
v2.6.0
v2.6.0pre
v2.6.1
v2.6.2
v2.6.3
v2.7.0
v2.7.0pre
v2.8.0
v2.8.0pre
v2.8.1
v2.8.2
v2.9.0
v2.9.1
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.1.0
v4.*
v4.0.0
v4.0.0rc1
v4.0.0rc2
v5.*
v5.0.0
v5.1.0
v5.2.0
v6.*
v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.3.0-ee
v6.3.1-ee
v6.4.0-ee
v6.5.0-ee
v6.6.0-ee
v6.7.0-ee
v6.7.0.rc1-ee
v6.8.0-ee
v7.*
v7.0.0-ee
v7.1.0-ee
v7.1.0.rc1-ee
v7.2.0.rc1-ee
v7.2.0.rc2-ee
v7.2.0.rc3-ee
v7.2.0.rc4-ee
v7.2.0.rc5-ee
v7.3.0-ee
v7.3.0.rc1-ee

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3285.json"