CVE-2022-3482

{"id": "CVE-2022-3482", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-01-26T21:15:51.793", "references": [{"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3482.json", "tags": ["Vendor Advisory"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/377802", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/1725841", "tags": ["Permissions Required", "Third Party Advisory"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only"}, {"lang": "es", "value": "Un problema de control de acceso inadecuado en GitLab CE/EE que afect\u00f3 a todas las versiones desde 11.3 anterior a 15.3.5, 15.4 anterior a 15.4.4 y 15.5 anterior a 15.5.2 permiti\u00f3 a un usuario no autorizado ver los nombres de las versiones incluso cuando las versiones configuramos como restringido solo a miembros del proyecto"}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "BFD3D2ED-9A77-4CEC-B09B-182CD984DA4B", "versionEndExcluding": "15.4.6", "versionStartIncluding": "11.3.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "34D21C08-2445-4D1D-8FEF-EF01AF1D9371", "versionEndExcluding": "15.4.6", "versionStartIncluding": "11.3.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "C2CF4BFC-D5A9-49F5-AC0E-A5978B8D8CFD", "versionEndExcluding": "15.5.5", "versionStartIncluding": "15.5.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C734804C-B835-493E-8A2B-556547368D9F", "versionEndExcluding": "15.5.5", "versionStartIncluding": "15.5.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:15.6.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "B5CD27BD-9171-4958-9E31-FA35229B39E7"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:15.6.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "D1DA9696-F8DA-4C34-AB21-7DE509454B82"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}