| Vulnerability Name: | CVE-2022-2533 (CCN-234826) | ||||||||||||
| Assigned: | 2022-08-30 | ||||||||||||
| Published: | 2022-08-30 | ||||||||||||
| Updated: | 2022-10-19 | ||||||||||||
| Summary: | An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. | ||||||||||||
| CVSS v3 Severity: | 7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) 6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 8.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-287 | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-2533 Source: CCN Type: GitLab Web site GitLab Critical Security Release: 15.3.2, 15.2.4 and 15.1.6 Source: XF Type: UNKNOWN gitlab-cve20222533-sec-bypass(234826) Source: CONFIRM Type: Third Party Advisory https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2533.json Source: MISC Type: Broken Link, Third Party Advisory https://gitlab.com/gitlab-org/gitlab/-/issues/363863 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||