CVE-2022-2498

Sažetak

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author.

Reference

https://hackerone.com/reports/966824
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2498.json
https://gitlab.com/gitlab-org/gitlab/-/issues/243703

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Zadnje važnije ažuriranje

11-08-2022 - 15:12

Objavljeno

05-08-2022 - 16:15