CVE-2022-2456
First published: Fri Aug 05 2022(Updated: )
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request.
Credit: cve@gitlab.com cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | <15.0.5 | |
| GitLab | >=15.1.0<15.1.4 | |
| GitLab | =15.2 | |
| GitLab | <15.0.5 | |
| GitLab | >=15.1.0<15.1.4 | |
| GitLab | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-2456?
CVE-2022-2456 has a medium severity rating, indicating potential risks for affected GitLab installations.
How do I fix CVE-2022-2456?
To remediate CVE-2022-2456, upgrade your GitLab instance to version 15.0.5, 15.1.4 or later, or 15.2.1 or later.
What versions of GitLab are affected by CVE-2022-2456?
CVE-2022-2456 affects all GitLab versions prior to 15.0.5 and certain versions between 15.1.0 to 15.1.4 and 15.2.0 to 15.2.1.
What type of vulnerability is CVE-2022-2456?
CVE-2022-2456 is a privilege escalation vulnerability that allows project or group maintainers to alter visibility settings.
Is there a workaround for CVE-2022-2456?
There are no publicly listed workarounds for CVE-2022-2456; upgrading is the recommended action.
- agent/author
- agent/type
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/gitlab
- canonical/gitlab
- version/gitlab/15.1.0
- version/gitlab/15.2