CVE-2022-1352

MEDIUM Year: 2022
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-639
View all →

Vulnerability Description

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members.

Related Vulnerabilities

CVE-2018-10211

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie.

CWE-6392018

CVE-2018-18976

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud pla...

CWE-6392018

CVE-2019-15581

MEDIUM
CVSS:5.3(Medium)

An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via...

CWE-6392019

CVE-2019-15582

MEDIUM
CVSS:5.3(Medium)

An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.

CWE-6392019

CVE-2019-7864

MEDIUM
CVSS:5.3(Medium)

An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized a...

CWE-6392019

CVE-2019-9170

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.

CWE-6392019