CVE-2022-1111
First published: Mon Apr 04 2022(Updated: )
A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages
Credit: cve@gitlab.com cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=14.0.0<14.7.7 | |
| GitLab | >=14.0.0<14.7.7 | |
| GitLab | >=14.8.0<14.8.5 | |
| GitLab | >=14.8.0<14.8.5 | |
| GitLab | >=14.9.0<14.9.2 | |
| GitLab | >=14.9.0<14.9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-1111?
The severity of CVE-2022-1111 is low.
How does CVE-2022-1111 affect GitLab CE/EE versions?
CVE-2022-1111 affects GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7.
What is the business logic error in CVE-2022-1111?
The business logic error in CVE-2022-1111 occurs in the Project Import feature of GitLab CE/EE.
What is the impact of CVE-2022-1111?
Under certain conditions, imported projects in GitLab CE/EE may show an incorrect user in the 'Access Granted' column in the project membership pages.
How can I fix CVE-2022-1111?
To fix CVE-2022-1111, it is recommended to upgrade to GitLab CE/EE versions 14.9.2, 14.8.5, or 14.7.7 depending on the affected version.
- agent/references
- agent/author
- agent/type
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/gitlab
- canonical/gitlab
- version/gitlab/14.0.0
- version/gitlab/14.8.0
- version/gitlab/14.9.0