CVE-2022-2228 — Gitlab vulnerability

6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 64.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab EE +1 more

Timeline

PublishedJul 1

Latest updateJul 2

Description

Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶gitlabgitlab/gitlab_runner

▶NVDgitlab/gitlab12.0.0 — 14.10.5+2

▶CVEListV5gitlab/gitlab>=12.0, <14.10.5, >=15.0, <15.0.4, >=15.1, <15.1.1+2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-f3g5-424c-vfvp: Information exposure in GitLab EE affecting all versions from 12↗2022-07-02

▶

OSV

CVE-2022-2228: Information exposure in GitLab EE affecting all versions from 12↗2022-07-01

▶

💥Exploits & PoCs

Metasploit

ManageEngine Endpoint Central Unauthenticated SAML RCE↗

▶

📋Vendor Advisories

GitLab

CVE-2022-2228: Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker↗2022-07-01

▶

Debian

CVE-2022-2228: gitlab - Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.1...↗2022

▶