CVE-2022-0125

An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a target project.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 06:37

Type Values Removed Values Added
References () https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0125.json - Third Party Advisory () https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0125.json - Third Party Advisory
References () https://gitlab.com/gitlab-org/gitlab/-/issues/345564 - Broken Link () https://gitlab.com/gitlab-org/gitlab/-/issues/345564 - Broken Link
References () https://hackerone.com/reports/1356100 - Permissions Required () https://hackerone.com/reports/1356100 - Permissions Required

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-269 CWE-862

Information

Published : 2022-01-18 17:15

Updated : 2024-11-21 06:37


NVD link : CVE-2022-0125

Mitre link : CVE-2022-0125

CVE.ORG link : CVE-2022-0125


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-862

Missing Authorization