CVE-2022-1936

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-1936
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1936.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1936
Aliases
Published
2022-06-06T17:15:10Z
Modified
2025-04-06T22:45:10Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
3b13818e8330f68625d80d9bf5d8049c41fbe197
Fixed
661f7e4160fd380b54f36039b0e7f585b4cdb647