CVE-2022-4331

Description

An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.

How to fix CVE-2022-4331

To remediate CVE-2022-4331, upgrade the affected package to a fixed version below.

—upgrade to 15.7.8 or later

Is CVE-2022-4331 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 15.1.0, < 15.7.8, >= 15.8.0, < 15.8.4, >= 15.9.0, < 15.9.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

References (4)

WEBgitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4331.json
WEBgitlab.com/gitlab-org/gitlab/-/issues/385050
WEBhackerone.com/reports/1791518
WEBnvd.nist.gov/vuln/detail/CVE-2022-4331