CVE-2022-2533Improper Authentication in Gitlab

CWE-287Improper Authentication5 documents5 sources
Severity
7.4HIGHNVD
EPSS
0.2%
top 61.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GitlabDebian Gitlab
Timeline
PublishedOct 17

Description

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages4 packages

NVDgitlab/gitlab12.1015.1.6+2
debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)
CVEListV5gitlab/gitlab>=12.10, <15.1.6, >=15.2, <15.2.4, >=15.3, <15.3.2+2
gitlabgitlab/gitlab

🔴Vulnerability Details

2
OSV
CVE-2022-2533: An issue has been discovered in GitLab affecting all versions starting from 122022-10-17
GHSA
GHSA-mx6m-x365-fxj7: An issue has been discovered in GitLab affecting all versions starting from 122022-10-17

📋Vendor Advisories

2
GitLab
CVE-2022-2533: An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all ve2022-10-17
Debian
CVE-2022-2533: gitlab - An issue has been discovered in GitLab affecting all versions starting from 12.1...2022