CVE-2022-1193 - CERT CVE
ID CVE-2022-1193
Sažetak Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances
Reference
CVSS
Base: 3.5
Impact: 2.9
Exploitability:6.8
Pristup
VektorSloženostAutentikacija
NETWORK MEDIUM SINGLE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL NONE NONE
CVSS vektor AV:N/AC:M/Au:S/C:P/I:N/A:N
Zadnje važnije ažuriranje 30-09-2022 - 13:10
Objavljeno 11-04-2022 - 20:15