CVE-2022-2244
MEDIUM
GitLab EE/CE <14.10.5, <15.0.4, <15.1.1 - Privilege Escalation
Title source: llm
Description
An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows project members with the Reporter role to manage issues in the project's error tracking feature.
References (3)
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/360666
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1619583
Vendor Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2244.json
Scores
CVSS v3: 4.3
EPSS: 0.0017
EPSS Percentile: 38.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
Status: published
Products (2)
gitlab/gitlab: 15.1.0 (2 CPE variants)
gitlab/gitlab: 14.8.0 - 14.10.5 (2 CPE variants)
Published: Jul 01, 2022
Tracked Since: Feb 18, 2026