CVE-2022-2499
First published: Fri Aug 05 2022(Updated: )
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=13.10.0<15.0.5 | |
| GitLab | >=15.1.0<15.1.4 | |
| GitLab | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-2499?
CVE-2022-2499 is classified as a medium severity vulnerability due to its potential for exploitation in GitLab's Jira integration.
How do I fix CVE-2022-2499?
To fix CVE-2022-2499, upgrade GitLab to version 15.0.5, 15.1.4, or 15.2.1 or later.
What versions of GitLab are affected by CVE-2022-2499?
CVE-2022-2499 affects all GitLab EE versions starting from 13.10 before 15.0.5, 15.1 before 15.1.4, and 15.2 before 15.2.1.
What is an insecure direct object reference in the context of CVE-2022-2499?
Insecure direct object reference in CVE-2022-2499 allows unauthorized access to sensitive resources within GitLab's Jira integration.
How can I determine if my system is vulnerable to CVE-2022-2499?
Check your GitLab installation version against the affected versions list for CVE-2022-2499 to determine vulnerability.
- agent/type
- agent/references
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/13.10.0
- version/gitlab/15.1.0
- version/gitlab/15.2