CVE-2022-2499

Description

An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues.

Related CPE's

a gitlab gitlab ****enterprise ***

a gitlab gitlab 15.2 ***enterprise ***

a gitlab gitlab ****enterprise ***

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2499.json

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/360800

Broken LinkVendor Advisory

https://hackerone.com/reports/1538068

Permissions RequiredThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io