CVE-2022-2229
Published: 2022-07-01

Priority: P3 45 · Severity: high · CVSS 3.1 base score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.23% (65.2nd percentile)
An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.
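The advisory gives three affected branches and one precondition (the variable is not marked protected). The following audit helper is an added example, not code from GitLab or from the advisory: it encodes the affected ranges above as half-open intervals, checks a GitLab version string against them, and lists the CI/CD variables of a project that fall in the advisory's scope. It assumes the GitLab REST API endpoints `GET /api/v4/version` and `GET /api/v4/projects/:id/variables` (authenticated with a `PRIVATE-TOKEN` header); the JSON sample embedded below is constructed, not a capture from a real instance.

```python
"""Audit helpers for CVE-2022-2229 (added example, not GitLab code).

Two questions for a practitioner: is this instance in an affected range, and
which project variables are in the advisory's scope (not marked protected)?
"""
import json
import re
import urllib.request

# Affected ranges as stated in the advisory text: [first affected, first fixed).
AFFECTED_RANGES = (
    ((13, 7, 0), (14, 10, 5)),
    ((15, 0, 0), (15, 0, 4)),
    ((15, 1, 0), (15, 1, 1)),
)


def parse_version(version: str) -> tuple:
    """Turn '15.0.3-ee' or '14.10.4' into (15, 0, 3).

    Edition and pre-release suffixes ('-ee', '-pre') do not change the
    affected-range check, so they are dropped.
    """
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True if the version lies in one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def unprotected_variables(variables: list) -> list:
    """Keys of CI/CD variables not marked protected.

    `variables` is the decoded JSON array returned by
    GET /api/v4/projects/:id/variables. The advisory only covers unprotected
    variables, so these are the candidates to rotate after patching.
    """
    return sorted(v["key"] for v in variables if not v.get("protected", False))


def gitlab_get(base_url: str, token: str, path: str):
    """Minimal authenticated GET against the GitLab REST API."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4{path}",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def audit(base_url: str, token: str, project_id: int) -> dict:
    """Live check: instance version plus the project's unprotected variables."""
    version = gitlab_get(base_url, token, "/version")["version"]
    variables = gitlab_get(base_url, token, f"/projects/{project_id}/variables")
    return {
        "version": version,
        "affected": is_affected(version),
        "unprotected": unprotected_variables(variables),
    }


# Constructed sample in the shape of GET /api/v4/projects/:id/variables (not real data).
SAMPLE_VARIABLES = json.loads("""[
 {"variable_type": "env_var", "key": "DEPLOY_TOKEN", "value": "example-token",
  "protected": false, "masked": true, "environment_scope": "*"},
 {"variable_type": "env_var", "key": "PROD_KEY", "value": "example-key",
  "protected": true, "masked": true, "environment_scope": "production"},
 {"variable_type": "file", "key": "KUBECONFIG", "value": "example-kubeconfig",
  "protected": false, "masked": false, "environment_scope": "*"}
]""")

if __name__ == "__main__":
    for ver in ("14.10.4", "14.10.5", "15.0.3-ee", "15.1.0", "15.1.1"):
        print(ver, "affected" if is_affected(ver) else "fixed")
    print("unprotected variables in sample:", unprotected_variables(SAMPLE_VARIABLES))
```

Masking is not the relevant flag here: a masked variable is still in scope if it is unprotected, which is why the filter keys on `protected` alone. Marking variables protected narrows the exposure but is not a substitute for upgrading to 14.10.5, 15.0.4 or 15.1.1.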
Affected (9 ranges indexed; only those carrying version data are listed, with the 15.1 range taken from the advisory text)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gitlab | gitlab (CE/EE) | >= 13.7.0 < 14.10.5 | 14.10.5 |
| gitlab | gitlab (CE/EE) | >= 15.0.0 < 15.0.4 | 15.0.4 |
| gitlab | gitlab (CE/EE) | >= 15.1.0 < 15.1.1 | 15.1.1 |
| debian | gitlab | < 15.10.8+ds1-2 (sid) | 15.10.8+ds1-2 (sid) |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
Sources
| Source | Identifier | Date | Severity | Notes |
|---|---|---|---|---|
| GHSA | GHSA-c63c-249m-g37m | 2022-07-02 | HIGH, CWE-863 (Incorrect Authorization) | ghsa_unreviewed |
| OSV | CVE-2022-2229 | 2022-07-01 | HIGH, CVSS 7.5 | — |
| GitLab (vendor) | CVE-2022-2229 | 2022-07-01 | HIGH, CVSS 7.5 | vendor_gitlab |
| Debian (vendor) | CVE-2022-2229 (gitlab) | 2022 | HIGH, CVSS 7.5 | scope: local; sid: resolved (fixed in 15.10.8+ds1-2) |

All four sources carry the same description as above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2229.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/355738
- https://hackerone.com/reports/1511133