CVE-2022-2228

Published: Jul 1, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range

Affected (3)

Products: Gitlab: Gitlab

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 12.0.0 to 14.10.5
Gitlab Gitlab	From 15.0.0 to 15.0.4
Gitlab Gitlab	Version 15.1.0

References (4)

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2228.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/security/gitlab/-/issues/682

Source: cve@gitlab.com

Permissions RequiredVendor Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2228.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/security/gitlab/-/issues/682

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.