CVE-2022-1111 - OpenCVE

A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

No data.

References

Link	Providers
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1111.json
https://gitlab.com/gitlab-org/gitlab/-/issues/345236

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2022-04-04T19:46:10

Updated: 2024-08-02T23:55:24.171Z

Reserved: 2022-03-28T00:00:00

Link: CVE-2022-1111

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-04T20:15:09.750

Modified: 2023-08-08T14:22:24.967

Link: CVE-2022-1111

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "GitLab", "vendor": "GitLab", "versions": [{"status": "affected", "version": ">=14.9, <14.9.2"}, {"status": "affected", "version": ">=14.8.0, <14.8.5"}, {"status": "affected", "version": ">=14.0, <14.7.7"}]}], "credits": [{"lang": "en", "value": "This vulnerability has been discovered internally by the GitLab team"}], "descriptions": [{"lang": "en", "value": "A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Vulnerability in GitLab", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-04T19:46:10", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/345236"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1111.json"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@gitlab.com", "ID": "CVE-2022-1111", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GitLab", "version": {"version_data": [{"version_value": ">=14.9, <14.9.2"}, {"version_value": ">=14.8.0, <14.8.5"}, {"version_value": ">=14.0, <14.7.7"}]}}]}, "vendor_name": "GitLab"}]}}, "credit": [{"lang": "eng", "value": "This vulnerability has been discovered internally by the GitLab team"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages"}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Vulnerability in GitLab"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/345236", "refsource": "MISC", "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/345236"}, {"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1111.json", "refsource": "CONFIRM", "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1111.json"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:55:24.171Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/345236"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1111.json"}]}]}, "cveMetadata": {"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2022-1111", "datePublished": "2022-04-04T19:46:10", "dateReserved": "2022-03-28T00:00:00", "dateUpdated": "2024-08-02T23:55:24.171Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "927C8227-59BF-4D78-9CC6-8D5DE56C69ED", "versionEndExcluding": "14.7.7", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8B99B199-41E9-49D3-8EC1-2E10CCB9F876", "versionEndExcluding": "14.7.7", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "723E51BE-5A83-439E-8D37-EACDC4E5E6B2", "versionEndExcluding": "14.8.5", "versionStartIncluding": "14.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B21DB80A-89B0-4821-AACD-A0DB4102C123", "versionEndExcluding": "14.8.5", "versionStartIncluding": "14.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "50473ACF-87F3-4919-A1C8-1C1D3AED7024", "versionEndExcluding": "14.9.2", "versionStartIncluding": "14.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "84DA7B4F-42A6-4940-98D5-3BF151FD3287", "versionEndExcluding": "14.9.2", "versionStartIncluding": "14.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages"}, {"lang": "es", "value": "Un error de l\u00f3gica empresarial en la Importaci\u00f3n de Proyectos en GitLab CE/EE versiones 14.9 anteriores a 14.9.2, 14.8 anteriores a 14.8.5 y 14.0 anteriores a 14.7.7 causaba, en determinadas condiciones, que los proyectos importados mostraran un usuario incorrecto en la columna \"Access Granted\" de las p\u00e1ginas de pertenencia al proyecto"}], "id": "CVE-2022-1111", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2022-04-04T20:15:09.750", "references": [{"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1111.json"}, {"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/345236"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}