CVE-2022-0172

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-0172

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0172.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-0172

Aliases

BIT-gitlab-2022-0172

Related

UBUNTU-CVE-2022-0172

Published

2022-01-18T17:15:10Z

Modified

2024-10-11T09:07:25Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

ce28f708ec5ca68092e16f55e47710367d32f2a1

Fixed

f7475c863e83756c791917626d3a48bce8e3a975