CVE-2022-1426

Sažetak

An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed an user to authenticate without a personal access token.

Reference

https://gitlab.com/gitlab-org/gitlab/-/issues/296866
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1426.json
https://hackerone.com/reports/1070097

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

18-05-2022 - 20:21

Objavljeno

11-05-2022 - 15:15