CVE-2022-2229
First published: Fri Jul 01 2022(Updated: )
An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.
Credit: cve@gitlab.com cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=13.7.0<14.10.5 | |
| GitLab | >=13.7.0<14.10.5 | |
| GitLab | >=15.0.0<15.0.4 | |
| GitLab | >=15.0.0<15.0.4 | |
| GitLab | =15.1.0 | |
| GitLab | =15.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-2229?
CVE-2022-2229 is considered a high severity vulnerability due to its potential for unauthorized data extraction.
How do I fix CVE-2022-2229?
To fix CVE-2022-2229, update GitLab to version 14.10.5 or later, and ensure version 15.0.4 or later is installed.
What types of projects are affected by CVE-2022-2229?
CVE-2022-2229 affects both public projects and private projects where the attacker is a member.
What is the impact of CVE-2022-2229?
The impact of CVE-2022-2229 allows attackers to extract protected variable values, compromising sensitive data.
Who is affected by CVE-2022-2229?
All users of GitLab CE and EE versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 are affected.
- agent/author
- agent/type
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/gitlab
- canonical/gitlab
- version/gitlab/13.7.0
- version/gitlab/15.0.0
- version/gitlab/15.1.0