First published: Fri Aug 05 2022
An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing; proper permissions on the artifacts are still required.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix
---|---|---
GitLab | >=12.0.0, <15.0.5 | Upgrade to 15.0.5
GitLab | >=15.1.0, <15.1.4 | Upgrade to 15.1.4
GitLab | =15.2 | Upgrade to 15.2.1
CVE-2022-2501 is rated as a high-severity vulnerability due to its potential to allow unauthorized access to sensitive artifacts.
To fix CVE-2022-2501, upgrade your GitLab instance to version 15.0.5, 15.1.4, or 15.2.1 or later.
CVE-2022-2501 affects GitLab EE versions from 12.0 up to, but not including, 15.0.5; 15.1 up to, but not including, 15.1.4; and 15.2 up to, but not including, 15.2.1.
CVE-2022-2501 allows an attacker to bypass IP allow-listing and download artifacts, provided they have proper permissions.
Due to its potential exploitability, CVE-2022-2501 requires immediate attention to ensure the security and integrity of data.