Vulnerabilities > CVE-2022-1352 - Authorization Bypass Through User-Controlled Key vulnerability in Gitlab

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
gitlab
CWE-639
NVD
Published: 2022-05-11
Updated: 2022-05-19

Summary

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members.

Vulnerable Configurations

Part Description Count
Application
Gitlab
952

Common Weakness Enumeration (CWE)

References