CVE-2022-1417

CVE-2022-1417

Name

CVE-2022-1417

Description

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://gitlab.com/gitlab-org/gitlab/-/issues/297282
CONFIRM	https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1417.json
MISC	https://hackerone.com/reports/1075586

Type

URI

MISC

https://gitlab.com/gitlab-org/gitlab/-/issues/297282

CONFIRM

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1417.json

MISC

https://hackerone.com/reports/1075586

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gitlab:gitlab:14.10.0::::enterprise:::`	gitlab	== None	== 14.10.0
`cpe:2.3:a:gitlab:gitlab:::::community:::*`	gitlab	>= 14.9.0	< 14.9.4
`cpe:2.3:a:gitlab:gitlab:::::enterprise:::*`	gitlab	>= 8.12.0	< 14.8.6

CPE URI

Source package

Min version

Max version

cpe:2.3:a:gitlab:gitlab:14.10.0:*:*:*:enterprise:*:*:*

gitlab

== None

== 14.10.0

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

gitlab

>= 14.9.0

< 14.9.4

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

gitlab

>= 8.12.0

< 14.8.6

References

Match rules

Vulnerable and fixed packages