Lucene search

Veracode Vulnerability DatabaseVERACODE:41536

HistoryJul 23, 2023 - 2:05 p.m.

Information Disclosure

2023-07-2314:05:48

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gitlab

information disclosure

audit events

vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

23.0%

JSON

gitlab is vulnerable to Information Disclosure. The vulnerability exists due to the incorrect authorization during the display of Audit Events, which allows developers to view the project’s Audit Events and developers or maintainers to view the group’s Audit Events.

CPENameOperatorVersion
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1

Name	Operator	Version
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3413.json

gitlab.com/gitlab-org/gitlab/-/issues/374926

security-tracker.debian.org/tracker/CVE-2022-3413

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

23.0%

JSON

Related for VERACODE:41536