CVE-2022-3031

Published October 17th, 2022

View on NVD ↗

CVSS v3

3.7

LOW

CVSS v2

N/A

Affected

PROJECTS

Description

An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account.

gitlab-org/cves

This project hosts the CVEs that have been assigned by GitLab in its role as a CNA. See https://about.gitlab.com/security/cve/ for more information

GitLab

gitlab-org/gitlab

GitLab is the open-source DevSecOps platform that provides a complete software development lifecycle toolchain including source control, CI/CD, security scanning, and project management in a single application.

GitLab

6.06K