CVE-2022-0390
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard.
Un control de acceso inapropiado en Gitlab CE/EE versiones 12.7 a 14.5.4, 14.6 a 14.6.4 y 14.7 a 14.7.1, permitÃa a personas que no eran miembros del proyecto recuperar los detalles de las incidencias cuando estaban vinculadas a un elemento del panel de control de vulnerabilidades
*Credits:
Thanks [wi11](https://hackerone.com/wi11) for reporting this vulnerability through our HackerOne bug bounty program
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-27 CVE Reserved
- 2022-04-01 CVE Published
- 2024-06-23 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-862: Missing Authorization
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0390.json | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/330030 | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | >= 12.7.0 <= 14.5.4 Search vendor "Gitlab" for product "Gitlab" and version " >= 12.7.0 <= 14.5.4" | community |
Affected
| ||||||
| Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | >= 12.7.0 <= 14.5.4 Search vendor "Gitlab" for product "Gitlab" and version " >= 12.7.0 <= 14.5.4" | enterprise |
Affected
| ||||||
| Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | >= 14.6.0 <= 14.6.4 Search vendor "Gitlab" for product "Gitlab" and version " >= 14.6.0 <= 14.6.4" | community |
Affected
| ||||||
| Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | >= 14.6.0 <= 14.6.4 Search vendor "Gitlab" for product "Gitlab" and version " >= 14.6.0 <= 14.6.4" | enterprise |
Affected
| ||||||
| Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | 14.7.0 Search vendor "Gitlab" for product "Gitlab" and version "14.7.0" | community |
Affected
| ||||||
| Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | 14.7.0 Search vendor "Gitlab" for product "Gitlab" and version "14.7.0" | enterprise |
Affected
| ||||||