CVE-2022-4037

HIGH Year: 2022
CVSS v3 Score
8.5
High
Weakness Type
CWE-362
View all →

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider.

Related Vulnerabilities

CVE-2017-16857

HIGH
CVSS:8.5(High)

It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsusp...

CWE-3622017

CVE-2021-30465

HIGH
CVSS:8.5(High)

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount...

CWE-3622021

CVE-2016-0848

HIGH
CVSS:8.4(High)

Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions vi...

CWE-3622016

CVE-2024-0041

HIGH
CVSS:8.4(High)

In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to rem...

CWE-3622024

CVE-2024-32908

HIGH
CVSS:8.4(High)

In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User in...

CWE-3622024