What is CVE-2022-0735?

CVE-2022-0735 is a critical-severity vulnerability in Gitlab. CVSS score: 10.0/10. Published 2022-03-28.

How severe is CVE-2022-0735?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Is CVE-2022-0735 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gitlab

CVE-2022-0735

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal run…

EPSS: 0.735 (98.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Gitlab — versions >=14.8, <14.8.2, >=14.7, <14.7.4, >=12.10, <14.6.5

Public proof-of-concept exploits

References

gitlab.com/gitlab-org/gitlab/-/issues/353529 (x_refsource_MISC)
gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0735.json (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-0735?: CVE-2022-0735 is a critical-severity vulnerability in Gitlab. CVSS score: 10.0/10. Published 2022-03-28.
How severe is CVE-2022-0735?: Critical severity. CVSS v3 base score is 10.0 out of 10.
Is CVE-2022-0735 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.