CVE-2022-2531

MEDIUM

GitLab EE <15.0.5-15.2.1 - Path Traversal

Title source: llm
STIX 2.1

Description

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability.

References (3)

Core 3
Core References
Broken Link, Vendor Advisory x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/364252
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1566306

Scores

CVSS v3 5.3
EPSS 0.0066
EPSS Percentile 71.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
gitlab/gitlab 15.2
gitlab/gitlab 12.5.0 - 15.0.5
Published Aug 05, 2022
Tracked Since Feb 18, 2026