{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T10:45:38.196","vulnerabilities":[{"cve":{"id":"CVE-2022-0172","sourceIdentifier":"cve@gitlab.com","published":"2022-01-18T17:15:10.187","lastModified":"2024-11-21T06:38:04.147","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones."},{"lang":"es","value":"Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones a partir de la 12.3. Bajo determinadas condiciones era posible omitir la restricción de IP para proyectos públicos mediante GraphQL permitiendo a usuarios no autorizados leer títulos de incidencias, peticiones de fusión e hitos"}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"13.2","versionEndExcluding":"14.4.5","matchCriteriaId":"AE9D83D8-5918-4E88-9CF7-653A6993BDA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"13.2","versionEndExcluding":"14.4.5","matchCriteriaId":"4E755CF1-D60D-4576-8595-AD5D6DE88EB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"14.5.0","versionEndExcluding":"14.5.3","matchCriteriaId":"F4792D58-0D9A-43E6-879B-8DC10289BBED"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"14.5.0","versionEndExcluding":"14.5.3","matchCriteriaId":"2E89DBD2-9B16-4842-B103-B2B4096C046F"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"14.6.0","versionEndExcluding":"14.6.2","matchCriteriaId":"3881FF6F-04B1-4780-A445-8FD3C5E70211"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"14.6.0","versionEndExcluding":"14.6.2","matchCriteriaId":"404671C6-4722-446A-B0B3-BA551FEAA4FC"}]}]}],"references":[{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0172.json","source":"cve@gitlab.com","tags":["Third Party Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/348411","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0172.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/348411","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]}]}}]}