Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-p2cr-m73e-tkcj
Summary An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker-controlled email address and thus - in the absence of 2FA - take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account.
Aliases
0
alias CVE-2022-1680
Fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1680
reference_id
reference_type
scores
0
value 0.10386
scoring_system epss
scoring_elements 0.93183
published_at 2026-04-01T12:55:00Z
1
value 0.10386
scoring_system epss
scoring_elements 0.93192
published_at 2026-04-02T12:55:00Z
2
value 0.10386
scoring_system epss
scoring_elements 0.93196
published_at 2026-04-04T12:55:00Z
3
value 0.10386
scoring_system epss
scoring_elements 0.93194
published_at 2026-04-07T12:55:00Z
4
value 0.10386
scoring_system epss
scoring_elements 0.93203
published_at 2026-04-08T12:55:00Z
5
value 0.10386
scoring_system epss
scoring_elements 0.93207
published_at 2026-04-09T12:55:00Z
6
value 0.10386
scoring_system epss
scoring_elements 0.93211
published_at 2026-04-11T12:55:00Z
7
value 0.10386
scoring_system epss
scoring_elements 0.93209
published_at 2026-04-12T12:55:00Z
8
value 0.10386
scoring_system epss
scoring_elements 0.9321
published_at 2026-04-13T12:55:00Z
9
value 0.10386
scoring_system epss
scoring_elements 0.93226
published_at 2026-04-16T12:55:00Z
10
value 0.10386
scoring_system epss
scoring_elements 0.93231
published_at 2026-04-18T12:55:00Z
11
value 0.10386
scoring_system epss
scoring_elements 0.93238
published_at 2026-04-21T12:55:00Z
12
value 0.10386
scoring_system epss
scoring_elements 0.93244
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1680
Weaknesses
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p2cr-m73e-tkcj