CVE-2022-4037 MEDIUM

CVE-2022-4037

Vendor Gitlab

Product GitLab

Published January 12, 2023

Last update April 8, 2025

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider.

Key dates

02Disclosure timeline

January 12, 2023 CVE published

April 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-4037

Identifiers

CVE CVE-2022-4037

CVSS 6.4 / MEDIUM

Affected versions

Vendor Gitlab

Product GitLab

Affected >=0.0, <15.5.7

Vendor Gitlab

Product GitLab

Affected >=15.6, <15.6.4

Vendor Gitlab

Product GitLab

Affected >=15.7, <15.7.2