Vulnerability Details CVE-2022-2630
An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.5%
CVSS Severity
CVSS v3 Score 4.3
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2630.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/369429
- https://hackerone.com/reports/1652853
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2630.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/369429
- https://hackerone.com/reports/1652853
Products affected by CVE-2022-2630
-
cpe:2.3:a:gitlab:gitlab:15.2
-
cpe:2.3:a:gitlab:gitlab:15.2.0
-
cpe:2.3:a:gitlab:gitlab:15.2.1
-
cpe:2.3:a:gitlab:gitlab:15.2.2
-
cpe:2.3:a:gitlab:gitlab:15.2.3
-
cpe:2.3:a:gitlab:gitlab:15.3
-
cpe:2.3:a:gitlab:gitlab:15.3.0
-
cpe:2.3:a:gitlab:gitlab:15.3.1