PT-2022-15432 · Gitlab · Gitlab Ce/Ee +1
Joaxcaron
·
Published
2022-07-01
·
Updated
2024-03-06
·
CVE-2022-2244
CVSS v3.1
4.3
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Fix
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee
Joaxcaron
·
Published
2022-07-01
·
Updated
2024-03-06
·
CVE-2022-2244
4.3
Medium
| Base vector | Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
GitLab EE/CE versions 14.8 through 14.10.4
GitLab EE/CE versions 15.0 through 15.0.3
GitLab EE/CE versions 15.1 through 15.1.0
Description:
An improper authorization issue affects GitLab EE/CE, allowing project members with the `reporter` role to manage issues in a project's error tracking feature.
Recommendations:
For versions 14.8 through 14.10.4, update to version 14.10.5 or later.
For versions 15.0 through 15.0.3, update to version 15.0.4 or later.
For versions 15.1 through 15.1.0, update to version 15.1.1 or later.
Fix