CVE-2022-1124

MEDIUM

GitLab < 14.8.6, 14.9.0-14.9.4, 14.10.0 - Incorrect Authorization for Job Trace Log Access

Title source: llm

Description

An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access the trace log of jobs when it is enabled.

References (3)

Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1113405

Scores

CVSS v3 4.3
EPSS 0.0024
EPSS Percentile 47.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE CWE-863
Status published
Products (2)
gitlab/gitlab 14.10.0 (2 CPE variants)
gitlab/gitlab < 14.8.6 (2 CPE variants)
Published May 11, 2022
Tracked Since Feb 18, 2026