Lucene search

Ubuntu.comUB:CVE-2022-2498

HistoryAug 05, 2022 - 12:00 a.m.

CVE-2022-2498

2022-08-0500:00:00

ubuntu.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

39.1%

JSON

An issue in pipeline subscriptions in GitLab EE affecting all versions from
12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1
triggered new pipelines with the person who created the tag as the pipeline
creator instead of the subscription’s author.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchgitlab< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	gitlab	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2022-2498

nvd.nist.gov/vuln/detail/CVE-2022-2498

security-tracker.debian.org/tracker/CVE-2022-2498

www.cve.org/CVERecord?id=CVE-2022-2498

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

39.1%

JSON

Related for UB:CVE-2022-2498