Description
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, an unprivileged user was able to change label descriptions using the REST API.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1999.json
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/357963
Scores
CVSS v3
3.1
EPSS
0.0015
EPSS Percentile
35.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
Status
published
Products (2)
gitlab/gitlab
15.1.0 (2 CPE variants)
gitlab/gitlab
8.13.0 - 14.10.5 (2 CPE variants)
Published
Jul 01, 2022
Tracked Since
Feb 18, 2026