CVE-2022-4143 MEDIUM

Vendor GitLab
Product GitLab
Published June 28, 2023
Last update December 3, 2024

CVSS base score

6.4/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization.

Key dates

02 Disclosure timeline

June 28, 2023 CVE published
December 3, 2024 Record updated