CVE Vulnerabilities

CVE-2022-0735

Published: Mar 28, 2022 | Modified: Aug 08, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab 12.0 (including) 14.6.5 (excluding)
Gitlab Gitlab 14.7 (including) 14.7.4 (excluding)
Gitlab Gitlab 14.8 (including) 14.8.2 (excluding)
Gitlab Ubuntu esm-apps/xenial *
Gitlab Ubuntu trusty *
Gitlab Ubuntu xenial *

References