Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-tv9d-9wvu-rfdg

Summary An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA.

Aliases

alias	CVE-2022-2303

Fixed_packages

url	pkg:alpm/archlinux/gitlab@15.2.1-1
purl	pkg:alpm/archlinux/gitlab@15.2.1-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1

url	pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl	pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

Affected_packages

url pkg:alpm/archlinux/gitlab@15.2.0-1

purl pkg:alpm/archlinux/gitlab@15.2.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1t9u-drzk-5ffz

vulnerability	VCID-3szm-mdpf-6ua7

vulnerability	VCID-92x8-rmhg-zuh6

vulnerability	VCID-9cvy-mzhc-ukhu

vulnerability	VCID-hd2f-p7zx-vqcp

vulnerability	VCID-hfyr-23g4-y7e5

vulnerability	VCID-mbnw-5r9b-mybe

vulnerability	VCID-mrtq-9dj4-a7bf

vulnerability	VCID-tv9d-9wvu-rfdg

vulnerability	VCID-tzw9-uffa-9ycy

vulnerability	VCID-wyff-62y3-9qdq

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.0-1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2303

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.37767
published_at	2026-04-29T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38229
published_at	2026-04-02T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38252
published_at	2026-04-04T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38122
published_at	2026-04-07T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38172
published_at	2026-04-08T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.3818
published_at	2026-04-09T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38198
published_at	2026-04-11T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38163
published_at	2026-04-12T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38139
published_at	2026-04-13T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38184
published_at	2026-04-16T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38166
published_at	2026-04-18T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38101
published_at	2026-04-21T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.37885
published_at	2026-04-24T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.37862
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2303

reference_url

https://security.archlinux.org/AVG-2785

reference_id

AVG-2785

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2785

Weaknesses

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tv9d-9wvu-rfdg

Vulnerability Instance