CVE-2022-1981

LOW Year: 2022
CVSS v3 Score
2.7
Low
CVSS v2 Score
3.5
Low
Weakness Type
CWE-863
View all →

Vulnerability Description

An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the 'Invite a group' feature to invite a group that has members that don't comply with domain allow-list.

Related Vulnerabilities

CVE-2021-39945

LOW
CVSS:2.7(Low)

Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, al...

CWE-8632021

CVE-2022-41962

LOW
CVSS:2.7(Low)

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the ...

CWE-8632022

CVE-2023-5159

LOW
CVSS:2.7(Low)

Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.

CWE-8632023

CVE-2023-5193

LOW
CVSS:2.7(Low)

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation.

CWE-8632023

CVE-2024-44114

LOW
CVSS:2.7(Low)

SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentialit...

CWE-8632024

CVE-2024-7296

LOW
CVSS:2.7(Low)

An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending m...

CWE-8632024