CVE-2022-1999

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-1999

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1999.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-1999

Aliases

BIT-gitlab-2022-1999

Downstream

UBUNTU-CVE-2022-1999

Published

2022-07-01T16:06:59Z

Modified

2025-11-28T02:33:50.545334Z

Severity

3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description.

Database specific

{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1999.json"
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

294482f38388542b43b908dcb427759544a7486f

Fixed

af6735ad95ff7a4578c8548d37ce9e8247385d5e

Database specific

{
    "versions": [
        {
            "introduced": "8.13"
        },
        {
            "fixed": "14.10.5"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

3b397c1753233301037d0ca3caae23ce116505d3

Fixed

81f47cb467e3387cea11b909ea6b977e28b3b4d2

Database specific

{
    "versions": [
        {
            "introduced": "15.0"
        },
        {
            "fixed": "15.0.4"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

31c24d2d8643ee22211ef544a4538c4420e96dc9

Fixed

61c8658b23e2cc1116acb740418d99c6d227e13f

Database specific

{
    "versions": [
        {
            "introduced": "15.1"
        },
        {
            "fixed": "15.1.1"
        }
    ]
}

Affected versions

Other

11-10-0cfa69752d8-0d9531c80-ee

11-10-0cfa69752d8-74ffd66ae-ee

11-10-119f9509d50-6d7537235-ee

v10.*

v10.1.0.pre

v10.2.0.pre

v10.3.0.pre

v10.4.0.pre

v10.5.0.pre

v10.6.0.pre

v10.7.0.pre

v10.8.0.pre

v10.9.0.pre

v11.*

v11.0.0.pre

v11.1.0.pre

v11.2.0.pre

v11.3.0.pre

v14.*

v14.10.0-ee

v14.10.0-rc42-ee

v14.10.1-ee

v14.10.2-ee

v14.10.3-ee

v14.10.4-ee

v15.*

v15.0.0-ee

v15.0.1-ee

v15.0.2-ee

v15.0.3-ee

v15.1.0-ee

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.2.1

v6.2.2

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.4.1

v6.4.2

v6.4.3

v6.5.0-ee

v6.5.1

v6.6.0-ee

v6.6.1

v6.6.2

v6.7.0-ee

v6.7.0.rc1-ee

v6.7.1

v6.7.2

v6.8.0-ee

v6.8.1

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

v7.4.0-ee

v7.4.1-ee

v7.4.2-ee

v7.4.3-ee

v7.4.4-ee

v8.*

v8.11.0

v8.11.0-ee

v8.11.0-rc1

v8.11.0-rc1-ee

v8.11.0-rc2

v8.11.0-rc2-ee

v8.11.0-rc3

v8.11.0-rc3-ee

v8.11.0-rc4

v8.11.0-rc4-ee

v8.11.0-rc5

v8.11.0-rc5-ee

v8.11.0-rc6

v8.11.0-rc6-ee

v8.11.0-rc7

v8.11.0-rc7-ee

v8.11.1

v8.12.0

v8.12.0-ee

v8.12.0-rc1

v8.12.0-rc1-ee

v8.12.0-rc2

v8.12.0-rc2-ee

v8.12.0-rc3

v8.12.0-rc3-ee

v8.12.0-rc4

v8.12.0-rc4-ee

v8.12.0-rc5

v8.12.0-rc5-ee

v8.12.0-rc6

v8.12.0-rc6-ee

v8.12.0-rc7

v8.12.0-rc7-ee

v8.12.0.pre

v8.12.1

v8.12.1-ee

v8.12.2

v8.12.2-ee

v8.12.3-ee

v8.13.0.pre

v8.14.0.pre

v8.15.0.pre

v8.16.0.pre

v8.17.0.pre

v8.18.0.pre

v8.2.0-ee

v8.2.0.rc1

v8.2.0.rc1-ee

v8.2.0.rc2

v8.2.0.rc2-ee

v8.8.0

v8.8.0-ee

v8.8.0-rc1

v8.8.0-rc1-ee

v8.8.0-rc2

v8.8.0-rc2-ee

v8.8.1-ee

v9.*

v9.1.0.pre

v9.2.0.pre

v9.3.0.pre

v9.5.0.pre

v9.6.0.pre

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1999.json"