CVE-2022-2303

MEDIUM Year: 2022
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-287
View all →

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA.

Related Vulnerabilities

CVE-2016-10835

MEDIUM
CVSS:4.3(Medium)

cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).

CWE-2872016

CVE-2016-4863

MEDIUM
CVSS:4.3(Medium)

The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series ...

CWE-2872016

CVE-2017-1000110

MEDIUM
CVSS:4.3(Medium)

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines i...

CWE-2872017

CVE-2017-1002024

MEDIUM
CVSS:4.3(Medium)

Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.

CWE-2872017

CVE-2017-12213

MEDIUM
CVSS:4.3(Medium)

A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dyna...

CWE-2872017

CVE-2018-0362

MEDIUM
CVSS:4.3(Medium)

A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attack...

CWE-2872018