admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-19xx/CVE-2022-1936.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

146 lines
4.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-1936",
"sourceIdentifier": "cve@gitlab.com",
"published": "2022-06-06T17:15:10.737",
"lastModified": "2022-06-13T18:27:32.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured"
},
{
"lang": "es",
"value": "Una autorizaci\u00f3n incorrecta en GitLab EE, afectando todas las versiones a partir de 12.0 anteriores a 14.9.5, todas las versiones a partir de 14.10 anteriores a 14.10.4 y todas las versiones a partir de 15.0 anteriores a 15.0.1, permit\u00eda que un atacante que ya estuviera en posesi\u00f3n de un token de despliegue de proyecto v\u00e1lido lo usara inapropiadamente desde cualquier ubicaci\u00f3n, incluso cuando hubieran sido configuradas restricciones de direcci\u00f3n IP"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "14.9.5",
"matchCriteriaId": "8032FDD5-A274-48C6-A528-F99CCA42338C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "14.10.0",
"versionEndExcluding": "14.10.4",
"matchCriteriaId": "4E6B5E02-4670-4E74-A3EA-DF81659861E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:15.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "E8953D9B-56DF-4AA2-BFDC-B28CF4F31CB5"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1936.json",
"source": "cve@gitlab.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/363638",
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink