CVE-2022-1124 Information

Description

An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access the trace log of jobs when it is enabled.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

https://gitlab.com/gitlab-org/gitlab/-/issues/323552
https://hackerone.com/reports/1113405
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1124.json

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

4.3

Base Severity

MEDIUM
