CVE-2022-1111

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-1111
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1111.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-1111
Aliases
Downstream
Published
2022-04-04T19:46:10Z
Modified
2025-11-28T02:34:31.476007Z
Severity
  • 2.4 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages

Database specific 
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1111.json"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
1fdefb34741e329ede520eba6c3038eb48bfa191
Fixed
3034418fb311e288d880c55ee707d9a3eecfe07d
Database specific 
{
    "versions": [
        {
            "introduced": "14.9"
        },
        {
            "fixed": "14.9.2"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
1d7d0b0a1db4c69533330ab29c6c0d3bdb17adba
Fixed
fdf232e4acc50b3f86090b2c18253449577616dc
Database specific 
{
    "versions": [
        {
            "introduced": "14.8.0"
        },
        {
            "fixed": "14.8.5"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
0034acfc891b0cbc2ecc4aa4c5ca0d1f89e3c32f
Fixed
6d5453caf44cbb4379bebe8a406551db5441a5a2
Database specific 
{
    "versions": [
        {
            "introduced": "14.0"
        },
        {
            "fixed": "14.7.7"
        }
    ]
}

Affected versions

v14.*

v14.8.0-ee
v14.8.1-ee
v14.8.2-ee
v14.8.3-ee
v14.8.4-ee
v14.9.0-ee
v14.9.1-ee

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1111.json"