CVE-2022-3066
First published: Mon Oct 17 2022(Updated: )
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=10.0.0<15.2.5 | |
| GitLab | >=15.3<15.3.4 | |
| GitLab | >=15.4<15.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-3066?
CVE-2022-3066 has been rated as a high severity vulnerability due to unauthorized issue creation by non-privileged users.
How do I fix CVE-2022-3066?
To fix CVE-2022-3066, upgrade your GitLab installation to version 15.2.5 or later, 15.3.4 or later, or 15.4.1 or later depending on your current version.
Who is affected by CVE-2022-3066?
CVE-2022-3066 affects all versions of GitLab starting from 10.0 up to 15.2.5, versions starting from 15.3 up to 15.3.4, and from 15.4 up to 15.4.1.
What is the impact of CVE-2022-3066?
The impact of CVE-2022-3066 allows unauthorized users to create issues in any project, which can compromise project integrity.
When was CVE-2022-3066 disclosed?
CVE-2022-3066 was disclosed in 2022 and affects multiple versions of GitLab.
- agent/type
- agent/references
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/10.0.0
- version/gitlab/15.3
- version/gitlab/15.4