CVE-2022-2459
First published: Fri Aug 05 2022(Updated: )
An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled.
Credit: cve@gitlab.com cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | <15.0.5 | |
| GitLab | >=15.1.0<15.1.4 | |
| GitLab | =15.2 | |
| GitLab | <15.0.5 | |
| GitLab | >=15.1.0<15.1.4 | |
| GitLab | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-2459?
CVE-2022-2459 has been categorized as a medium severity vulnerability.
How do I fix CVE-2022-2459?
To fix CVE-2022-2459, upgrade GitLab to version 15.0.5 or 15.1.4 and above, or to 15.2.1 or above.
Who is affected by CVE-2022-2459?
CVE-2022-2459 affects all versions of GitLab EE and GitLab CE prior to the specified patched versions.
What kind of issue is CVE-2022-2459?
CVE-2022-2459 allows unauthorized email-invited members to join a project despite restrictions set by the Group Owner.
Is CVE-2022-2459 present in GitLab Community Edition?
Yes, CVE-2022-2459 affects both GitLab Enterprise Edition and GitLab Community Edition prior to the patched versions.
- agent/author
- agent/type
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/gitlab
- canonical/gitlab
- version/gitlab/15.1.0
- version/gitlab/15.2