CVE-2022-3758

MEDIUM

GitLab 15.5.0-15.7.7, 15.8.0-15.8.3, 15.9.0-15.9.1 - Unauthenticated Private Snippet Access via Improper Permissions

Title source: llm

Description

An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a users private snippet.

References (3)

Core 3

Core References

Vendor Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3758.json

Broken Link

https://gitlab.com/gitlab-org/gitlab/-/issues/379598

Permissions Required

https://hackerone.com/reports/1751258

Scores

CVSS v3 5.4

EPSS 0.0041

EPSS Percentile 61.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-276

Status published

Products (1)

gitlab/gitlab 15.5.0 - 15.7.8 (2 CPE variants)

Published Mar 09, 2023

Tracked Since Feb 18, 2026