CVE-2022-4143

Published Jun 28, 2023

Last updated a year ago

Overview

Description
An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization
Source
cve@gitlab.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
5.3
Impact score
3.6
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
CWE-367

Social media

Hype score
Not currently trending

Configurations