Published: 11/05/2022 Updated: 19/05/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 before 14.8.6, 14.9 before 14.9.4, and 14.10 before 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gitlab gitlab 14.10.0
gitlab gitlab

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 110 prior to 1486, 149 prior to 1494, and 1410 prior to 14101, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members ...

CWE-639 https://hackerone.com/reports/1450306 https://gitlab.com/gitlab-org/gitlab/-/issues/350691 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1352.json https://nvd.nist.gov https://security.archlinux.org/CVE-2022-1352

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-1352

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect