CVE-2022-3413

MEDIUM Year: 2022
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-639
View all →

Vulnerability Description

Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above.

Related Vulnerabilities

CVE-2017-0920

MEDIUM
CVSS:4.3(Medium)

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an...

CWE-6392017

CVE-2017-15195

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.

CWE-6392017

CVE-2017-15196

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.

CWE-6392017

CVE-2017-15197

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.

CWE-6392017

CVE-2017-15199

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.

CWE-6392017

CVE-2017-15200

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.

CWE-6392017