| ID |
CVE-2022-2307
|
| Summary |
A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
-
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:enterprise:*:*:*
-
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:*
-
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
-
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:community:*:*:*
-
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:community:*:*:*
|
| CVSS |
| Base: | None |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-459 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
|
|
|
|
| Impact |
| Confidentiality | Integrity | Availability |
|
|
|
|
| Last major update |
11-08-2022 - 15:02 |
| Published |
05-08-2022 - 16:15 |
| Last modified |
11-08-2022 - 15:02 |
