← back
CVE-2022-1111

CVE-2022-1111

CVSS 2.4 LOWEPSS 0.6%
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2.4EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 Apr 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Affected products
GitLab · GitLab

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1111.jsonhttps://gitlab.com/gitlab-org/gitlab/-/issues/345236