CVE-2022-4205

Published: Jan 27, 2023Modified: Mar 27, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 1.0.0 to 12.9.8
Gitlab Gitlab	From 15.5.0 to 15.5.5
Gitlab Gitlab	From 1.0.0 to 12.9.8
Gitlab Gitlab	From 15.5.0 to 15.5.5
Gitlab Gitlab	Version 15.6.0
Gitlab Gitlab	Version 15.6.0

Related CWEs

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (4)

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4205.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/374082

Source: cve@gitlab.com

ExploitIssue TrackingVendor Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4205.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/374082

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.