CVE-2022-3288

{"id": "CVE-2022-3288", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2022-10-17T16:15:22.507", "references": [{"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3288.json", "tags": ["Vendor Advisory"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/354948", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/1498354", "tags": ["Permissions Required", "Third Party Advisory"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected."}, {"lang": "es", "value": "Una confusi\u00f3n de nombre de rama/etiqueta en GitLab CE/EE afectando a todas las versiones anteriores a 15.2.5, a la 15.3 anteriores a 15.3.4 y a la 15.4 anteriores a 15.4.1 permite a un atacante manipular p\u00e1ginas donde era esperado el contenido de la rama por defecto"}], "lastModified": "2022-10-20T14:24:43.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "D5D2A977-BB2E-406A-8EF4-A21C271678F3", "versionEndExcluding": "15.2.5"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C3662260-5645-41E0-AA03-7FD57F06C617", "versionEndExcluding": "15.2.5"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "FA378384-D683-47B4-9AB2-28C565A954CB", "versionEndExcluding": "15.3.4", "versionStartIncluding": "15.3"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "3A4CDDAE-AEDA-40D8-9D36-11535172233D", "versionEndExcluding": "15.3.4", "versionStartIncluding": "15.3"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "71CE99C3-F315-4071-A1B2-FEACE6A3F049", "versionEndExcluding": "15.4.1", "versionStartIncluding": "15.4"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "1605D4DC-D7EA-42BC-B006-8A79C32781CE", "versionEndExcluding": "15.4.1", "versionStartIncluding": "15.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}