Vulnerability Database

289,782

Total vulnerabilities in the database

CVE-2022-1193

Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances

  • Published: Apr 11, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-1193
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 3.5
  • AV:N/AC:M/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
gitlab / gitlab 14.9.0 14.9.2
gitlab / gitlab 14.8.0 14.8.5
gitlab / gitlab 10.7.0 14.7.7