CVE-2022-3758
First published: Thu Mar 09 2023(Updated: )
An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a users private snippet.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=15.5.0<15.7.8 | |
| GitLab | >=15.5.0<15.7.8 | |
| GitLab | >=15.8.0<15.8.4 | |
| GitLab | >=15.8.0<15.8.4 | |
| GitLab | >=15.9.0<15.9.2 | |
| GitLab | >=15.9.0<15.9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-3758?
CVE-2022-3758 has a medium severity as it allows unauthorized users to access private snippets.
How do I fix CVE-2022-3758?
To fix CVE-2022-3758, upgrade GitLab to versions 15.7.8, 15.8.4, or 15.9.2 or later.
Which GitLab versions are affected by CVE-2022-3758?
CVE-2022-3758 affects GitLab versions from 15.5 to 15.7.8, 15.8 to 15.8.4, and 15.9 to 15.9.2.
What type of vulnerabilities does CVE-2022-3758 represent?
CVE-2022-3758 represents an authorization vulnerability due to improper permissions checks.
Can CVE-2022-3758 be exploited without authentication?
Yes, CVE-2022-3758 can be exploited by unauthorized users, allowing them to manipulate private user snippets.
- agent/type
- agent/references
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/15.5.0
- version/gitlab/15.8.0
- version/gitlab/15.9.0