CVE-2022-1460

MEDIUM Year: 2022
CVSS v3 Score
4.9
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorizations on scheduled pipelines allowing a malicious user to run a pipeline in the context of another user.

Related Vulnerabilities

CVE-2017-6816

MEDIUM
CVSS:4.9(Medium)

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.

CWE-8632017

CVE-2020-15120

MEDIUM
CVSS:4.9(Medium)

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be fur...

CWE-8632020

CVE-2020-26028

MEDIUM
CVSS:4.9(Medium)

An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets.

CWE-8632020

CVE-2021-22186

MEDIUM
CVSS:4.9(Medium)

An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners

CWE-8632021

CVE-2021-22535

MEDIUM
CVSS:4.9(Medium)

Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could ...

CWE-8632021

CVE-2021-29158

MEDIUM
CVSS:4.9(Medium)

Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.

CWE-8632021