Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 16 |
| CVE-ID | CVE-2022-2512 CVE-2022-2498 CVE-2022-2326 CVE-2022-2417 CVE-2022-2501 CVE-2022-2497 CVE-2022-2531 CVE-2022-2539 CVE-2022-2456 CVE-2022-2500 CVE-2022-2303 CVE-2022-2095 CVE-2022-2499 CVE-2022-2307 CVE-2022-2459 CVE-2022-2534 |
| CWE-ID | CWE-200 CWE-284 CWE-20 CWE-22 CWE-79 CWE-287 CWE-19 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Gitlab Community Edition Universal components / Libraries / Software for developers GitLab Enterprise Edition Universal components / Libraries / Software for developers |
| Vendor | GitLab, Inc |
Security Bulletin
This security bulletin contains information about 16 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU65872
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2512
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to membership changes are not reflected in TODO for confidential notes. A remote user can read updates via TODOs.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 15.0.0 - 15.2.0
GitLab Enterprise Edition: 15.0.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU65873
Risk: Medium
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2498
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in pipeline subscriptions. A remote user can trigger new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 12.8.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper access control
EUVDB-ID: #VU65874
Risk: Medium
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2326
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can gain access to a private project through an email invite by using other user's email address as an unverified secondary email.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 0.1.5 - 15.2.0
GitLab Enterprise Edition: 6.2.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU65875
Risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2417
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote administrator can import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 12.10.0 - 15.2.0
GitLab Enterprise Edition: 12.10.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper access control
EUVDB-ID: #VU65876
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2501
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass IP allow-listing and download artifacts.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 12.0.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper access control
EUVDB-ID: #VU65877
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2497
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote administrator can exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 12.6.0 - 15.2.0
GitLab Enterprise Edition: 12.6.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Path traversal
EUVDB-ID: #VU65878
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2531
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 12.5.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Information disclosure
EUVDB-ID: #VU65879
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2539
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can filter issues by contact and organization.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 14.6.0 - 15.2.0
GitLab Enterprise Edition: 14.6.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Information disclosure
EUVDB-ID: #VU65880
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2456
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote administrator can use a specially crafted POST request and change their corresponding group or project visibility.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 0.1.5 - 15.2.0
GitLab Enterprise Edition: 6.2.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Stored cross-site scripting
EUVDB-ID: #VU65881
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2500
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in job error messages. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 0.1.5 - 15.2.0
GitLab Enterprise Edition: 6.2.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper Authentication
EUVDB-ID: #VU65885
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2303
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. A remote user can bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 0.1.5 - 15.2.0
GitLab Enterprise Edition: 6.2.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper access control
EUVDB-ID: #VU65886
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2095
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can view a public project's Deploy Key's public fingerprint and name when that key has write permission.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 13.7.0 - 15.2.0
GitLab Enterprise Edition: 13.7.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Information disclosure
EUVDB-ID: #VU65887
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2499
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an insecure direct object reference (IDOR) issue in project with Jira integration. A remote user can leak Jira issues.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 13.10.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU65889
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2307
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a lack of cascading deletes. A remote administrator can retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 13.0.0 - 15.2.0
GitLab Enterprise Edition: 13.0.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper access control
EUVDB-ID: #VU65893
Risk: Low
CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2459
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote administrator to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the email invited members can join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitLab Enterprise Edition: 6.2.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Data Handling
EUVDB-ID: #VU65894
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2534
CWE-ID:
CWE-19 - Data Handling
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to improper data handling in the Datadog integration. A remote administrator can gain access to sensitive information on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGitlab Community Edition: 9.3 - 15.2.0
GitLab Enterprise Edition: 9.3.0 - 15.2.0
External linkshttp://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
