How severe is CVE-2022-2498?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-2498?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2022-2498

HIGH Year: 2022

CVSS v3 Score

7.5

High

Weakness Type

CWE-269

View all →

Vulnerability Description

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author.

CVE-2012-1563

HIGH

CVSS:7.5(High)

Joomla! before 2.5.3 allows Admin Account Creation.

CWE-2692012

CVE-2012-5663

HIGH

CVSS:7.5(High)

The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).

CWE-2692012

CVE-2015-8467

HIGH

CVSS:7.5(High)

The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative ...

CWE-2692015

CVE-2017-16520

HIGH

CVSS:7.5(High)

Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.

CWE-2692017

CVE-2017-5722

HIGH

CVSS:7.5(High)

Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enfor...

CWE-2692017

CVE-2017-7803

HIGH

CVSS:7.5(High)

When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbir...

CWE-2692017

CVE-2022-2498

Vulnerability Description

Related Vulnerabilities

CVE-2012-1563

CVE-2012-5663

CVE-2015-8467

CVE-2017-16520

CVE-2017-5722

CVE-2017-7803