CVE-2022-3067
First published: Mon Oct 17 2022(Updated: )
An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=14.4<15.2.5 | |
| GitLab | >=14.4<15.2.5 | |
| GitLab | >=15.3<15.3.4 | |
| GitLab | >=15.3<15.3.4 | |
| GitLab | >=15.4<15.4.1 | |
| GitLab | >=15.4<15.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-3067?
CVE-2022-3067 has been rated as a medium severity vulnerability.
How do I fix CVE-2022-3067?
To fix CVE-2022-3067, upgrade to GitLab version 15.2.5, 15.3.4, or 15.4.1 or later.
What types of systems are affected by CVE-2022-3067?
CVE-2022-3067 affects all versions of GitLab CE/EE from 14.4 before 15.2.5, from 15.3 before 15.3.4, and from 15.4 before 15.4.1.
Who can exploit CVE-2022-3067?
CVE-2022-3067 can be exploited by authenticated users to read arbitrary project content.
What is the impact of CVE-2022-3067?
The impact of CVE-2022-3067 allows authenticated users to gain access to sensitive data from other projects.
- agent/type
- agent/references
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/14.4
- version/gitlab/15.3
- version/gitlab/15.4