CVE-2022-4205

Summary

In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=1.0, <12.9.8affected
GitLabGitLab>=15.5, <15.5.5affected
GitLabGitLab>=15.6, <15.6.1affected

Weaknesses

  • Access of resource using incompatible type ('type confusion') in GitLab

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References