← Back

CVE-2022-2882

nvd nist
Published: Oct 28, 2022Modified: May 7, 2025

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.

Affected (6)

Products: Gitlab: Gitlab
Gitlab
1 product
Gitlab
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Gitlab
Gitlab
From 12.6.0 to 15.2.5
Gitlab
From 15.3 to 15.3.4
Gitlab
From 15.4 to 15.4.1
Gitlab
From 12.6.0 to 15.2.5
Gitlab
From 15.3 to 15.3.4
Gitlab
From 15.4 to 15.4.1

Related CWEs

CWE-668
Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (7)

Source: cve@gitlab.com
Vendor Advisory
Source: cve@gitlab.com
Broken LinkThird Party Advisory
Source: cve@gitlab.com
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Broken LinkThird Party Advisory

Timeline

No history available yet.