Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 16 |
| CVE-ID | CVE-2022-2244 CVE-2022-2227 CVE-2022-1999 CVE-2022-2250 CVE-2022-2270 CVE-2022-1954 CVE-2022-2243 CVE-2022-2185 CVE-2022-1981 CVE-2022-2228 CVE-2022-1963 CVE-2022-1983 CVE-2022-2229 CVE-2022-2230 CVE-2022-2235 CVE-2022-2281 |
| CWE-ID | CWE-285 CWE-284 CWE-20 CWE-601 CWE-200 CWE-77 CWE-79 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #8 is available. |
| Vulnerable software Subscribe |
Gitlab Community Edition Universal components / Libraries / Software for developers GitLab Enterprise Edition Universal components / Libraries / Software for developers |
| Vendor | GitLab, Inc |
Security Bulletin
This security bulletin contains information about 16 vulnerabilities.
1) Improper Authorization
EUVDB-ID: #VU64849
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2244
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to improper authorization. A remote user can manage issues in project's error tracking feature.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 14.8.0 - 15.1.0
GitLab Enterprise Edition: 14.8.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU64854
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2227
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the runner jobs API. A remote user can access job and project meta data under certain conditions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 0.1.5 - 15.1.0
GitLab Enterprise Edition: 6.2.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU64853
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1999
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can change labels description.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 8.13 - 15.1.0
GitLab Enterprise Edition: 8.13.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Open redirect
EUVDB-ID: #VU64852
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2250
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 11.1 - 15.1.0
GitLab Enterprise Edition: 11.1.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU64851
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2270
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to incorrect permissions verification. A remote user can gain read access to Conan packages names.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 12.4.0 - 15.1.0
GitLab Enterprise Edition: 12.4.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU64850
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1954
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can send specially crafted web server response headers and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 0.1.5 - 15.1.0
GitLab Enterprise Edition: 6.2.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper access control
EUVDB-ID: #VU64848
Risk: Medium
CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2243
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and enumerate issues in non-linked sentry projects.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 14.8.0 - 15.1.0
GitLab Enterprise Edition: 14.8.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Command Injection
EUVDB-ID: #VU64840
Risk: Medium
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-2185
CWE-ID:
CWE-77 - Command injection
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation within the Project Imports. A remote user can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 14.0.0 - 15.1.0
GitLab Enterprise Edition: 14.0.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Improper access control
EUVDB-ID: #VU64847
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1981
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote administrator can use the "Invite a group" feature to invite a group that has members that don't comply with domain allow-list.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 12.2.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Information disclosure
EUVDB-ID: #VU64846
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2228
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 12.0.0 - 15.1.0
GitLab Enterprise Edition: 12.0.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Information disclosure
EUVDB-ID: #VU64845
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1963
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can reveal if a user has enabled two-factor authentication on their account in the HTML source
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 13.4.0 - 15.1.0
GitLab Enterprise Edition: 13.4.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper Authorization
EUVDB-ID: #VU64844
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1983
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote user to bypass authorization checks.
The vulnerability exists due to improper authorization. A remote administrator can access Container Registries even when IP address restrictions were configured.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 10.7.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper Authorization
EUVDB-ID: #VU64843
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2229
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to improper authorization. A remote attacker can extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 13.7.0 - 15.1.0
GitLab Enterprise Edition: 13.7.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Stored cross-site scripting
EUVDB-ID: #VU64842
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2230
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in project settings page. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 14.4.0 - 15.1.0
GitLab Enterprise Edition: 14.4.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Cross-site scripting
EUVDB-ID: #VU64841
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2235
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in ZenTao integration. A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 14.5.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Information disclosure
EUVDB-ID: #VU64855
Risk: Low
CVSSv3.1: 2.3 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2281
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to disclosure of release titles if group milestones are associated with any project releases. A remote user can disclose release titles if group milestones are associated with any project releases
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 12.5.0 - 15.1.0
External linkshttp://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
