PT-2022-20196 · Gitlab · Gitlab Ce/Ee+1

Joaxcaron · Published 2022-10-17 · Updated 2025-05-13 · CVE-2022-3060

CVSS v3.1: 7.3 High

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to the fixed version

Description: The issue is related to improper control of a resource identifier in Error Tracking, allowing an authenticated attacker to generate content that could cause a victim to make unintended arbitrary requests.

Recommendations: For GitLab CE/EE versions prior to the fixed version, update to the fixed version to resolve the issue.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BIT-GITLAB-2022-3060
CVE-2022-3060

Affected Products

Gitlab
Gitlab Ce/Ee