Vulnerability Description
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 10.0, < 14.5.4 |
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0344.json (Vendor Advisory)
- https://gitlab.com/gitlab-org/gitlab/-/issues/37015 (Exploit, Issue Tracking, Vendor Advisory)
- https://hackerone.com/reports/724880 (Permissions Required, Third Party Advisory)
FAQ
What is CVE-2022-0344?
CVE-2022-0344 is a vulnerability with a CVSS score of 3.1 (LOW). An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private pr...
How severe is CVE-2022-0344?
CVE-2022-0344 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-0344?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.