Vulnerabilities > CVE-2022-2229 - Unspecified vulnerability in Gitlab
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.
Vulnerable Configurations
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2229.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2229.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/355738
- https://gitlab.com/gitlab-org/gitlab/-/issues/355738
- https://hackerone.com/reports/1511133
- https://hackerone.com/reports/1511133