Vulnerability Description
An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to manage issues in project's error tracking feature.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 14.8.0, < 14.10.5 |
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2244.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/360666Broken Link
- https://hackerone.com/reports/1619583Permissions RequiredThird Party Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2244.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/360666Broken Link
- https://hackerone.com/reports/1619583Permissions RequiredThird Party Advisory
FAQ
What is CVE-2022-2244?
CVE-2022-2244 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to...
How severe is CVE-2022-2244?
CVE-2022-2244 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2244?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.