CVE-2022-1417 - log

CVE-2022-1417 edited at 09 May 2022 09:57:08
Severity
- Unknown
+ Medium
Type
- Unknown
+ Authentication bypass
Description
+ Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 8.13 before 14.9.4, and all versions starting from 8.14 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs.
CVE-2022-1417 edited at 09 May 2022 09:02:42
Severity
- Medium
+ Unknown
Type
- Denial of service
+ Unknown
Description
- An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption.
CVE-2022-1417 edited at 09 May 2022 09:02:22
Severity
- Unknown
+ Medium
Type
- Unknown
+ Denial of service
Description
+ An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption.
References
Notes
CVE-2022-1417 created at 09 May 2022 08:57:49