CVE-2022-4143

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jun 28, 2023

Updated: Jul 6, 2023

CWE ID 434

Summary

CVE-2022-4143 is a vulnerability affecting GitLab versions 15.7 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. This issue enables an attacker to submit and merge unauthorized merge requests (MRs) that are crafted, bypassing the usual approval process. This could potentially lead to code modifications and unauthorized access to sensitive information within the GitLab repository. To mitigate this risk, users are encouraged to update their GitLab instances to the latest patched versions as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/oLLCTI
https://www.cve.org/CVERecord?id=CVE-2022-4143
https://nvd.nist.gov/vuln/detail/CVE-2022-4143

Back to Vulnerability Database

CVE-2022-4143

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations