An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Zentao project issues.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3331.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/360372 | Exploit Issue Tracking Vendor Advisory |
https://hackerone.com/reports/1542834 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Oct 2022, 14:30
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-639 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3331.json - Vendor Advisory | |
References | (MISC) https://hackerone.com/reports/1542834 - Permissions Required, Third Party Advisory | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/360372 - Exploit, Issue Tracking, Vendor Advisory | |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
17 Oct 2022, 17:56
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-17 16:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-3331
Mitre link : CVE-2022-3331
CVE.ORG link : CVE-2022-3331
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-639
Authorization Bypass Through User-Controlled Key