CVE-2022-1783

🗓️ 06 Jun 2022 17:00:32Reported by GitLabType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 2193 Views

An issue in GitLab CE/EE allows malicious group maintainers to bypass member addition settings via REST AP

Reporter	Title	Published	Views	Family All 18
ATTACKERKB	CVE-2022-1783	6 Jun 202217:15	–	attackerkb
Circl	CVE-2022-1783	7 Jun 202208:16	–	circl
CNNVD	GitLab Enterprise Edition和GitLab Community Edition 安全漏洞	2 Jun 202200:00	–	cnnvd
Cvelist	CVE-2022-1783	6 Jun 202217:00	–	cvelist
Debian CVE	CVE-2022-1783	6 Jun 202217:00	–	debiancve
EUVD	EUVD-2022-25063	3 Oct 202520:07	–	euvd
FreeBSD	Gitlab -- multiple vulnerabilities	1 Jun 202200:00	–	freebsd
Tenable Nessus	FreeBSD : Gitlab -- multiple vulnerabilities (f414d69f-e43d-11ec-9ea4-001b217b3468)	4 Jun 202200:00	–	nessus
Tenable Nessus	GitLab 14.3 < 14.9.5 / 14.10.0 < 14.10.4 / 15.0.0 < 15.0.1 (CVE-2022-1783)	28 Jun 202200:00	–	nessus
NCSC	Vulnerabilities fixed in GitLab	3 Jun 202200:00	–	ncsc

NVD

Vulners

Node

gitlab gitlabRange14.3.0–14.9.5community

gitlab gitlabRange14.3.0–14.9.5enterprise

gitlab gitlabRange14.10.0–14.10.4community

gitlab gitlabRange14.10.0–14.10.4enterprise

gitlab gitlabMatch15.0.0community

gitlab gitlabMatch15.0.0enterprise

[
  {
    "product": "GitLab",
    "vendor": "GitLab",
    "versions": [
      {
        "status": "affected",
        "version": ">=15.0.0, <15.0.1"
      },
      {
        "status": "affected",
        "version": ">=14.10.0, <14.10.4"
      },
      {
        "status": "affected",
        "version": ">=14.3, <14.9.5"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/1472109
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/353121
gitlab	www.gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1783.json

21 Nov 2024 06:41Current

3.6Low risk

Vulners AI Score3.6

CVSS 3.12.7

CVSS 24

EPSS0.0047

cve-2022-1783 gitlab ce ee security vulnerability rest api member addition