Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-2326
HistoryAug 05, 2022 - 12:00 a.m.

CVE-2022-2326

2022-08-0500:00:00
ubuntu.com
ubuntu.com
30
gitlab
unauthorized access
private projects
unverified email

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

54.7%

An issue has been discovered in GitLab CE/EE affecting all versions before
15.0.5, all versions starting from 15.1 before 15.1.4, all versions
starting from 15.2 before 15.2.1. It may be possible to gain access to a
private project through an email invite by using other user’s email address
as an unverified secondary email.

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

54.7%