GitLab: CVE-2022-0549: Unprivileged users can add other users to groups through an API endpoint

Severity: 4
CVSS: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published: 2022-02-26
Added: 2022-03-01
Modified: 2022-04-06

Description

An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. Under certain conditions, the GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible through the Web UI.

Solution

gitlab-cve-2022-0549