PT-2022-12999 · Gitlab · Gitlab

Aryan2808 · Published 2022-01-18 · Updated 2024-03-06 · CVE-2022-0154

CVSS v3.1: 7.5 High

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GitLab versions 7.7 through 14.4.4
GitLab versions 14.5.0 through 14.5.2
GitLab versions 14.6.0 through 14.6.1

Description

The issue allows a malicious user to perform a Cross-Site Request Forgery attack, enabling them to import their GitHub project into another GitLab user's account.

Recommendations

For GitLab versions 7.7 through 14.4.4, update to version 14.4.5 or later.
For GitLab versions 14.5.0 through 14.5.2, update to version 14.5.3 or later.
For GitLab versions 14.6.0 through 14.6.1, update to version 14.6.2 or later.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

BIT-GITLAB-2022-0154
CVE-2022-0154

Affected Products

Gitlab