An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a target project.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0125.json | Third Party Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/345564 | Broken Link |
https://hackerone.com/reports/1356100 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 |
Information
Published : 2022-01-18 17:15
Updated : 2024-02-28 18:48
NVD link : CVE-2022-0125
Mitre link : CVE-2022-0125
CVE.ORG link : CVE-2022-0125
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-862
Missing Authorization