Lucene search

K

[email protected]NVD:CVE-2022-3325

HistoryOct 17, 2022 - 4:15 p.m.

CVE-2022-3325

2022-10-1716:15:22

[email protected]

web.nvd.nist.gov

1

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

22.8%

Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an unauthorised user.

Affected configurations

NVD

Node

gitlabgitlabRange12.8.0–15.2.5community

OR

gitlabgitlabRange12.8.0–15.2.5enterprise

OR

gitlabgitlabRange15.3–15.3.4community

OR

gitlabgitlabRange15.3–15.3.4enterprise

OR

gitlabgitlabRange15.4–15.4.1community

OR

gitlabgitlabRange15.4–15.4.1enterprise

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3325.json

gitlab.com/gitlab-org/gitlab/-/issues/360819

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

22.8%

Related for NVD:CVE-2022-3325

prion1 osv2 nessus2 cvelist1 veracode1 debiancve1 ubuntucve1 cve1 wallarmlab1 freebsd1