Vulnerability Description
Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 12.0.0, < 15.2.5 |
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3285.json (Vendor Advisory)
- https://gitlab.com/gitlab-org/security/omnibus-gitlab/-/issues/64 (Permissions Required, Vendor Advisory)
FAQ
What is CVE-2022-3285?
CVE-2022-3285 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab
How severe is CVE-2022-3285?
CVE-2022-3285 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2022-3285?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab (vendor: Gitlab).