CVE-2022-2533

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-2533

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2533.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-2533

Aliases

BIT-gitlab-2022-2533

Related

UBUNTU-CVE-2022-2533

Published

2022-10-17T16:15:21Z

Modified

2025-05-13T20:15:21Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

58d798bed6228196b580ae8def5d5080e5a56c73

Fixed

e3fcea907325032eeaa732b45d404a26e6310018