CVE-2022-2228

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-2228

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2228.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-2228

Aliases

BIT-gitlab-2022-2228

Related

UBUNTU-CVE-2022-2228

Published

2022-07-01T17:15:07Z

Modified

2025-04-06T22:45:10Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

3b13818e8330f68625d80d9bf5d8049c41fbe197

Fixed

af6735ad95ff7a4578c8548d37ce9e8247385d5e