CVE-2022-1821 - Vulnerability Details

Vendors	Products
Gitlab	Gitlab

Link	Providers
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1821.json
https://gitlab.com/gitlab-org/gitlab/-/issues/353730

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "GitLab", "vendor": "GitLab", "versions": [{"status": "affected", "version": ">=15.0.0, <15.0.1"}, {"status": "affected", "version": ">=14.10.0, <14.10.4"}, {"status": "affected", "version": ">=10.8, <14.9.5"}]}], "credits": [{"lang": "en", "value": "This vulnerability was discovered internally by a member of the GitLab team."}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Uncontrolled resource consumption in GitLab", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-06T16:56:35", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/353730"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1821.json"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@gitlab.com", "ID": "CVE-2022-1821", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GitLab", "version": {"version_data": [{"version_value": ">=15.0.0, <15.0.1"}, {"version_value": ">=14.10.0, <14.10.4"}, {"version_value": ">=10.8, <14.9.5"}]}}]}, "vendor_name": "GitLab"}]}}, "credit": [{"lang": "eng", "value": "This vulnerability was discovered internally by a member of the GitLab team."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Uncontrolled resource consumption in GitLab"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/353730", "refsource": "MISC", "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/353730"}, {"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1821.json", "refsource": "CONFIRM", "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1821.json"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:17:00.595Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/353730"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1821.json"}]}]}, "cveMetadata": {"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2022-1821", "datePublished": "2022-06-06T16:56:35", "dateReserved": "2022-05-23T00:00:00", "dateUpdated": "2024-08-03T00:17:00.595Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : GitLab (string)

vendor : GitLab (string)

versions : [ »

0 : { »

status : affected (string)

version : >=15.0.0, <15.0.1 (string)

}

1 : { »

status : affected (string)

version : >=14.10.0, <14.10.4 (string)

}

2 : { »

status : affected (string)

version : >=10.8, <14.9.5 (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

value : This vulnerability was discovered internally by a member of the GitLab team. (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Uncontrolled resource consumption in GitLab (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-06-06T16:56:35 (string)

orgId : ceab7361-8a18-47b1-92ba-4d7d25f6715a (string)

shortName : GitLab (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://gitlab.com/gitlab-org/gitlab/-/issues/353730 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1821.json (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@gitlab.com (string)

ID : CVE-2022-1821 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : GitLab (string)

version : { »

version_data : [ »

0 : { »

version_value : >=15.0.0, <15.0.1 (string)

}

1 : { »

version_value : >=14.10.0, <14.10.4 (string)

}

2 : { »

version_value : >=10.8, <14.9.5 (string)

}

]

}

]

}

vendor_name : GitLab (string)

}

]

}

credit : [ »

0 : { »

lang : eng (string)

value : This vulnerability was discovered internally by a member of the GitLab team. (string)

}

]

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group. (string)

}

]

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Uncontrolled resource consumption in GitLab (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://gitlab.com/gitlab-org/gitlab/-/issues/353730 (string)

refsource : MISC (string)

url : https://gitlab.com/gitlab-org/gitlab/-/issues/353730 (string)

}

1 : { »

name : https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1821.json (string)

refsource : CONFIRM (string)

url : https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1821.json (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T00:17:00.595Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://gitlab.com/gitlab-org/gitlab/-/issues/353730 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1821.json (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : ceab7361-8a18-47b1-92ba-4d7d25f6715a (string)

assignerShortName : GitLab (string)

cveId : CVE-2022-1821 (string)

datePublished : 2022-06-06T16:56:35 (string)

dateReserved : 2022-05-23T00:00:00 (string)

dateUpdated : 2024-08-03T00:17:00.595Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "90E0ACB3-7C7B-4544-BA1C-7CA720D39F03", "versionEndExcluding": "14.9.5", "versionStartIncluding": "10.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "31D8ECD8-4123-406D-8A57-C64B2568D0F0", "versionEndExcluding": "14.9.5", "versionStartIncluding": "10.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "5E69F4A1-5B3A-4FF5-95EC-62DCEB7DCE5F", "versionEndExcluding": "14.10.4", "versionStartIncluding": "14.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4E6B5E02-4670-4E74-A3EA-DF81659861E1", "versionEndExcluding": "14.10.4", "versionStartIncluding": "14.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:15.0.0:*:*:*:community:*:*:*", "matchCriteriaId": "00FDE831-EC28-4124-AC9F-A1C089D5BBFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:15.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E8953D9B-56DF-4AA2-BFDC-B28CF4F31CB5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group."}, {"lang": "es", "value": "Se ha detectado un problema en GitLab CE/EE afectando todas las versiones a partir de 10.8 anteriores a 14.9.5, todas las versiones a partir de la 14.10 anteriores a 14.10.4, todas las versiones a partir de la 15.0 anteriores a 15.0.1. Es posible que un miembro de un subgrupo pueda acceder a la lista de miembros de su grupo padre"}], "id": "CVE-2022-1821", "lastModified": "2024-11-21T06:41:32.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-06T17:15:10.610", "references": [{"source": "cve@gitlab.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1821.json"}, {"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/353730"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1821.json"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/353730"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* (string)

matchCriteriaId : 90E0ACB3-7C7B-4544-BA1C-7CA720D39F03 (string)

versionEndExcluding : 14.9.5 (string)

versionStartIncluding : 10.8.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : 31D8ECD8-4123-406D-8A57-C64B2568D0F0 (string)

versionEndExcluding : 14.9.5 (string)

versionStartIncluding : 10.8.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* (string)

matchCriteriaId : 5E69F4A1-5B3A-4FF5-95EC-62DCEB7DCE5F (string)

versionEndExcluding : 14.10.4 (string)

versionStartIncluding : 14.10.0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : 4E6B5E02-4670-4E74-A3EA-DF81659861E1 (string)

versionEndExcluding : 14.10.4 (string)

versionStartIncluding : 14.10.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:gitlab:gitlab:15.0.0:*:*:*:community:*:*:* (string)

matchCriteriaId : 00FDE831-EC28-4124-AC9F-A1C089D5BBFA (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:gitlab:gitlab:15.0.0:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : E8953D9B-56DF-4AA2-BFDC-B28CF4F31CB5 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group. (string)

}

1 : { »

lang : es (string)

value : Se ha detectado un problema en GitLab CE/EE afectando todas las versiones a partir de 10.8 anteriores a 14.9.5, todas las versiones a partir de la 14.10 anteriores a 14.10.4, todas las versiones a partir de la 15.0 anteriores a 15.0.1. Es posible que un miembro de un subgrupo pueda acceder a la lista de miembros de su grupo padre (string)

}

]

id : CVE-2022-1821 (string)

lastModified : 2024-11-21T06:41:32.687 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 1.4 (number)

source : cve@gitlab.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-06-06T17:15:10.610 (string)

references : [ »

0 : { »

source : cve@gitlab.com (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1821.json (string)

}

1 : { »

source : cve@gitlab.com (string)

tags : [ »

0 : Broken Link (string)

]

url : https://gitlab.com/gitlab-org/gitlab/-/issues/353730 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1821.json (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : https://gitlab.com/gitlab-org/gitlab/-/issues/353730 (string)

}

]

sourceIdentifier : cve@gitlab.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object