Main Vulnerability Database SB2024101811

SB2024101811 - IBM Aspera Faspex update for GitLab Community Edition and GitLab Enterprise Edition

Published: October 18, 2024

Security Bulletin ID SB2024101811

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper access control (CVE-ID: CVE-2022-2497)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote administrator can exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/6589601