CVE-2022-4037 - CERT CVE
ID CVE-2022-4037
Sažetak An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider.
Reference
CVSS
Base: 8.5
Impact: 6.0
Exploitability:1.8
Pristup
VektorSloženostAutentikacija
NETWORK HIGH -
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH HIGH
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Zadnje važnije ažuriranje 20-01-2023 - 15:34
Objavljeno 12-01-2023 - 04:15