Lucene search

Ubuntu.comUB:CVE-2022-1124

HistoryMay 11, 2022 - 12:00 a.m.

CVE-2022-1124

2022-05-1100:00:00

ubuntu.com

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

29.8%

JSON

An improper authorization issue has been discovered in GitLab CE/EE
affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to
14.9.4, and 14.10.0, allowing Guest project members to access trace log of
jobs when it is enabled

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1124.json

gitlab.com/gitlab-org/gitlab/-/issues/323552

hackerone.com/reports/1113405

launchpad.net/bugs/cve/CVE-2022-1124

nvd.nist.gov/vuln/detail/CVE-2022-1124

security-tracker.debian.org/tracker/CVE-2022-1124

www.cve.org/CVERecord?id=CVE-2022-1124

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

29.8%

JSON

Related for UB:CVE-2022-1124