CVE-2022-1111
2.7
LOW
CVSS 3.1
EPSS 0.20%
Description
A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages.
How to fix CVE-2022-1111
To remediate CVE-2022-1111, upgrade the affected package to a fixed version below.
- Bitnami/gitlab—upgrade to 14.7.7 or later
Is CVE-2022-1111 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 14.0.0, < 14.7.7
- >= 14.8.0, < 14.8.5
- >= 14.9.0, < 14.9.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW 2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N |