← Zuruck zu CVEs
CVE-2022-1783
LOW2.7
Beschreibung
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group.
CVE Details
CVSS v3.1 Bewertung2.7
SchweregradLOW
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht6/6/2022
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
gitlab:gitlab
Referenzen
https://gitlab.com/gitlab-org/gitlab/-/issues/353121(cve@gitlab.com)
https://hackerone.com/reports/1472109(cve@gitlab.com)
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1783.json(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/353121(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1472109(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.