CVE-2022-1105

Medium

4.3/10

Summary

An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

References

Advisory Timeline

Published Apr 04, 2022

CVE-2022-1105

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS