CVE-2022-4143

Published: Jun 28, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 15.7.0 to 15.8.5
Gitlab Gitlab	From 15.9.0 to 15.9.4
Gitlab Gitlab	From 15.7.0 to 15.8.5
Gitlab Gitlab	From 15.9.0 to 15.9.4
Gitlab Gitlab	Version 15.10.0
Gitlab Gitlab	Version 15.10.0

Related CWEs

Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4143.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/383776

Source: cve@gitlab.com

ExploitIssue Tracking

https://hackerone.com/reports/1767639

Source: cve@gitlab.com

Permissions Required

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4143.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/383776

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://hackerone.com/reports/1767639

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.