Veracode Vulnerability Database, VERACODE:42473
History: Aug 06, 2023 - 10:02 p.m.

Improper Authorization

2023-08-06 22:02:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: gitlab, vulnerability, deploy key, impersonation, malicious code, authorization

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.001
Percentile: 29.7%

GitLab is vulnerable to Improper Authorization. An attacker could exploit this vulnerability to obtain the public fingerprint and name of a Deploy Key for a public project. This information could then be used to impersonate the project owner and deploy malicious code to the project.
