LOW🇵🇱 Wersja polska

CVE-2022-3375

CVSS 3.1v3.1pub. 2023-04-05upd. 2025-02-10

An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
  • GitLab

    APP
    Gitlab
    15.10.011.10.0 – 15.8.5 (bez)15.9.0 – 15.9.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
CI/CD
CWE
References

Related vulnerabilities

CVE-2023-7028CRITICAL10.0⚠ KEVPL ✓ten sam produkt

GitLab: Przejęcie konta przez reset hasła na niezweryfikowany e-mail

CVE-2021-22205CRITICAL10.0⚠ KEVten sam produkt

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properl...

CVE-2024-7102CRITICAL9.6PL ✓ten sam produkt

GitLab CE/EE: uruchomienie pipeline jako inny użytkownik (privilege escalation)

CVE-2024-9164CRITICAL9.6PL ✓ten sam produkt

GitLab EE: uruchamianie pipeline CI/CD na dowolnych gałęziach bez autoryzacji

CVE-2024-6678CRITICAL9.9PL ✓ten sam produkt

GitLab CE/EE — uruchomienie pipeline jako dowolny użytkownik (CWE-290)