Vulnerabilities > CVE-2022-0390 - Missing Authorization vulnerability in Gitlab

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
gitlab
CWE-862
NVD
Published: 2022-04-01
Updated: 2023-08-08

Summary

Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard.

Vulnerable Configurations

Part Description Count
Application
Gitlab
424

Common Weakness Enumeration (CWE)

References