Candidate: CVE-2022-0125
PublicDate: 2022-01-18 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0125
 https://gitlab.com/gitlab-org/gitlab/-/issues/345564
 https://hackerone.com/reports/1356100
 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0125.json
Description:
 An issue has been discovered in GitLab affecting all versions starting from
 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all
 versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that
 a maintainer of a project had the right access to import members from a
 target project.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [4.3 MEDIUM]


Patches_gitlab:
upstream_gitlab: needs-triage
trusty_gitlab: ignored (out of standard support)
xenial_gitlab: ignored (out of standard support)