vulnerability

Gitlab: CVE-2022-0549: Unprivileged users can add other users to groups through an API endpoint

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	Feb 26, 2022	Mar 1, 2022	Apr 6, 2022

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Feb 26, 2022

Added

Mar 1, 2022

Modified

Apr 6, 2022

Description

An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI.

Solution

gitlab-cve-2022-0549

References

CVE-2022-0549
https://attackerkb.com/topics/CVE-2022-0549
URL-https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today