Description
When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs
References (2)
Core 2
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/349750
Patch, Third Party Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1944.json
Scores
CVSS v3
5.4
EPSS
0.0016
EPSS Percentile
36.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Details
CWE
CWE-863
Status
published
Products (2)
gitlab/gitlab
15.0.0 (2 CPE variants)
gitlab/gitlab
11.3.0 - 14.9.5 (2 CPE variants)
Published
Jun 06, 2022
Tracked Since
Feb 18, 2026