CVE-2022-3331
First published: Mon Oct 17 2022(Updated: )
An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Zentao project issues.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=14.5<15.1.6 | |
| GitLab | >=15.2<15.2.4 | |
| GitLab | >=15.3<15.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-3331?
CVE-2022-3331 has a high severity due to its potential for exploiting insecure direct object references.
How do I fix CVE-2022-3331?
To fix CVE-2022-3331, update GitLab to version 15.1.6 or later, 15.2.4 or later, or 15.3.2 or later.
Which versions of GitLab are affected by CVE-2022-3331?
CVE-2022-3331 affects GitLab versions from 14.5 to below 15.1.6, from 15.2 to below 15.2.4, and from 15.3 to below 15.3.2.
What kind of vulnerability is CVE-2022-3331?
CVE-2022-3331 is categorized as an insecure direct object reference vulnerability.
Can CVE-2022-3331 be exploited remotely?
Yes, CVE-2022-3331 can be exploited remotely, allowing unauthorized access to sensitive information.
- agent/type
- agent/references
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/14.5
- version/gitlab/15.2
- version/gitlab/15.3