CVE-2022-3285
First published: Wed Nov 09 2022(Updated: )
Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=12.0.0<15.2.5 | |
| GitLab | >=12.0.0<15.2.5 | |
| GitLab | >=15.3.0<15.3.4 | |
| GitLab | >=15.3.0<15.3.4 | |
| GitLab | =15.4.0 | |
| GitLab | =15.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-3285?
CVE-2022-3285 has a medium severity rating as it allows unauthorized users to access the healthcheck endpoint.
How do I fix CVE-2022-3285?
To fix CVE-2022-3285, upgrade GitLab to versions 15.2.5, 15.3.4, or 15.4.1 or later.
Which versions are affected by CVE-2022-3285?
CVE-2022-3285 affects all GitLab versions from 12.0 up to but not including 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.
What type of attack can CVE-2022-3285 enable?
CVE-2022-3285 enables an unauthorized attacker to potentially disrupt access to the GitLab service.
Is CVE-2022-3285 specific to any edition of GitLab?
No, CVE-2022-3285 affects both the community and enterprise editions of GitLab.
- agent/references
- agent/type
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/12.0.0
- version/gitlab/15.3.0
- version/gitlab/15.4.0