Vulnerability Description
Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 14.5.0, < 15.3.5 |
Related Weaknesses (CWE)
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3413.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/374926Broken LinkVendor Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3413.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/374926Broken LinkVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/374926Broken LinkVendor Advisory
FAQ
What is CVE-2022-3413?
CVE-2022-3413 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the pro...
How severe is CVE-2022-3413?
CVE-2022-3413 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-3413?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.