CVE-2022-1936

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-1936
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1936.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1936
Aliases
Published
2022-06-06T17:15:10Z
Modified
2025-04-06T22:45:10Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events