Lucene search

CVE-2022-4167

🗓️ 12 Jan 2023 04:10:15Reported by GitLabType

CVE-2022-4167 Incorrect Authorization check in GitLab EE allows group access tokens to persist

Reporter	Title	Published	Views	Family All 11
OSV	CVE-2022-4167	12 Jan 202304:15	–	osv
OSV	BIT-gitlab-2022-4167	6 Mar 202411:13	–	osv
UbuntuCve	CVE-2022-4167	12 Jan 202300:00	–	ubuntucve
NVD	CVE-2022-4167	12 Jan 202304:15	–	nvd
Tenable Nessus	GitLab < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-4167)	8 Feb 202300:00	–	nessus
Tenable Nessus	GitLab 13.11 < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-4167)	3 Jan 202400:00	–	nessus
Tenable Nessus	FreeBSD : Gitlab -- Multiple Vulnerabilities (3a023570-91ab-11ed-8950-001b217b3468)	11 Jan 202300:00	–	nessus
Prion	Authorization	12 Jan 202304:15	–	prion
Debian CVE	CVE-2022-4167	12 Jan 202304:15	–	debiancve
Cvelist	CVE-2022-4167	12 Jan 202300:00	–	cvelist

Nvd

Vulners

Node

gitlab gitlabRange13.11.0–15.5.7enterprise

gitlab gitlabRange15.6.0–15.6.4enterprise

gitlab gitlabRange15.7.0–15.7.2enterprise

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "versions": [
      {
        "version": ">=13.11, <15.5.7",
        "status": "affected"
      },
      {
        "version": ">=15.6, <15.6.4",
        "status": "affected"
      },
      {
        "version": ">=15.7, <15.7.2",
        "status": "affected"
      }
    ]
  }
]

Source	Link
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/367740
gitlab	www.gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4167.json

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Jan 2023 04:15Current

7.2High risk

Vulners AI Score7.2

CVSS35.3 - 7.5

EPSS0.00062

CWE-863