CVE-2022-2326

Name
CVE-2022-2326
Description
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, and all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using another user's email address as an unverified secondary email.
NVD Severity
high

References

Type URI
MISC https://gitlab.com/gitlab-org/gitlab/-/issues/356665
MISC https://hackerone.com/reports/1517554
CONFIRM https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2326.json

Match rules

CPE URI                                             Source package   Min version   Max version
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*    gitlab           >= None       < 15.0.5
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*    gitlab           >= 15.1.0     < 15.1.4
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:* gitlab           == None       == 15.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status