CVE-2022-3285 MEDIUM

Vendor GitLab
Product GitLab
Published November 9, 2022
Last update May 1, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab.

Key dates

02 Disclosure timeline

November 9, 2022 CVE published
May 1, 2025 Record updated