CVE-2022-3413


Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above.


Published: 2022-11-10T00:15:20.737

Last Modified: 2025-05-01T16:15:22.977

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 4.3 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-639
  • Type: Secondary
    CWE-639

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gitlab | gitlab | < 15.3.5 | Yes |
| Application | gitlab | gitlab | < 15.4.4 | Yes |
| Application | gitlab | gitlab | < 15.5.2 | Yes |
