CVE-2022-4143
5.3
MEDIUM
CVSS 3.1
EPSS 0.21%
Description
An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization
How to fix CVE-2022-4143
To remediate CVE-2022-4143, upgrade the affected package to a fixed version below.
- Bitnami/gitlab—upgrade to 15.8.5 or later
Is CVE-2022-4143 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 15.7.0, < 15.8.5, >= 15.9.0, < 15.9.4, >= 15.10.0, < 15.10.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N |