CVE-2022-4167

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-4167

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4167.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-4167

Aliases

BIT-gitlab-2022-4167

Related

UBUNTU-CVE-2022-4167

Published

2023-01-12T04:15:10Z

Modified

2025-02-18T21:40:44Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

47f41a4a74f364c731aafd34a93bddb630f62230

Fixed

cf58d7f15063b90d57456039739fdd02b2fedad9