CVE-2022-0123
First published: Mon Mar 28 2022(Updated: )
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform MitM attacks on connections to these external services.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | <14.4.5 | |
| GitLab | >=14.5.0<14.5.3 | |
| GitLab | >=14.6.0<14.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-0123?
CVE-2022-0123 is considered a high-severity vulnerability due to the potential for Man-in-the-Middle attacks.
How do I fix CVE-2022-0123?
To fix CVE-2022-0123, update your GitLab installation to version 14.4.5 or later, or to versions 14.5.4 and onward.
Which versions of GitLab are affected by CVE-2022-0123?
CVE-2022-0123 affects GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
What types of attacks does CVE-2022-0123 allow?
CVE-2022-0123 allows for Man-in-the-Middle attacks due to GitLab's failure to validate SSL certificates for external CI services.
Can CVE-2022-0123 be exploited remotely?
Yes, CVE-2022-0123 can be exploited remotely if users are connecting to untrusted external CI services.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/14.5.0
- version/gitlab/14.6.0