CVE-2022-3285 — Vulnetix

CVE-2022-3285 PUBLISHED

Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab

EPSS 0.26% · 49.1th percentile

Risk Scores

EPSS Score

0.26%

49.1th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	12.0.0, 15.3.0, 15.4.0
Bitnami	gitlab	12.0.0, 15.3.0, 15.4.0

Exploit Intelligence

https://gitlab.com/gitlab-org/security/omnibus-gitlab/-/issues/64 (circl)
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3285.json (circl)

Timeline

Jul 1, 2022 CVE Published
Nov 10, 2022 EPSS Score
Dec 23, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 19, 2023 EPSS Score
May 1, 2023 EPSS Score
Jun 13, 2023 EPSS Score
Jul 26, 2023 EPSS Score
Sep 7, 2023 EPSS Score
Oct 20, 2023 EPSS Score
Dec 2, 2023 EPSS Score

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3285.json url
https://gitlab.com/gitlab-org/security/omnibus-gitlab/-/issues/64 url
https://nvd.nist.gov/vuln/detail/CVE-2022-3285 url

Open in Interactive Console →