CVE-2022-0154 Information
Jun 07, 2022
cve
Description
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5 all versions starting from 14.5.0 before 14.5.3 all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their GitHub project imported on another GitLab user account.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Reference
https://gitlab.com/gitlab-org/gitlab/-/issues/29580 https://hackerone.com/reports/605576 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0154.json
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.0
Share on: