CVE-2022-0983: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

March 25, 2022 (updated November 7, 2023)

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.

References

bugzilla.redhat.com/show_bug.cgi?id=2064119
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4GRMWBGHOJMFXMTORECQNULJK7ZJJ6Y/
nvd.nist.gov/vuln/detail/CVE-2022-0983

Code Behaviors & Features

Detect and mitigate CVE-2022-0983 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →