CVE-2022-2095

MEDIUM Year: 2022
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key.

Related Vulnerabilities

CVE-2012-3821

MEDIUM
CVSS:4.3(Medium)

A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field.

CWE-8632012

CVE-2013-4228

MEDIUM
CVSS:4.3(Medium)

The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authent...

CWE-8632013

CVE-2013-4411

MEDIUM
CVSS:4.3(Medium)

Review Board: URL processing gives unauthorized users access to review lists

CWE-8632013

CVE-2016-4178

MEDIUM
CVSS:4.3(Medium)

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sen...

CWE-8632016

CVE-2017-17323

MEDIUM
CVSS:4.3(Medium)

Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain i...

CWE-8632017

CVE-2017-1766

MEDIUM
CVSS:4.3(Medium)

Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.

CWE-8632017