CVE-2022-2228
Last modified
CVE-2022-2228 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range. EPSS estimates a 0.65% chance of exploitation in the next 30 days.
Description
Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 12.0.0, < 14.10.5 |
| Gitlab | Gitlab | >= 15.0.0, < 15.0.4 |
| Gitlab | Gitlab | 15.1.0 |
References
- https://gitlab.com/gitlab-org/security/gitlab/-/issues/682Permissions Required, Vendor Advisory
- https://gitlab.com/gitlab-org/security/gitlab/-/issues/682Permissions Required, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-2228?
How severe is CVE-2022-2228?
How do I fix CVE-2022-2228?
Are you affected by CVE-2022-2228?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST