CVE-2022-2501
First published: Fri Aug 05 2022(Updated: )
An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=12.0.0<15.0.5 | |
| GitLab | >=15.1.0<15.1.4 | |
| GitLab | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-2501?
CVE-2022-2501 is rated as a high severity vulnerability due to its potential to allow unauthorized access to sensitive artifacts.
How do I fix CVE-2022-2501?
To fix CVE-2022-2501, upgrade your GitLab instance to version 15.0.5, 15.1.4, or 15.2.1 or later.
Which versions of GitLab are affected by CVE-2022-2501?
CVE-2022-2501 affects GitLab EE versions from 12.0 up to, but not including, 15.0.5, 15.1 up to 15.1.4, and 15.2 up to 15.2.1.
What kind of attack does CVE-2022-2501 facilitate?
CVE-2022-2501 allows an attacker to bypass IP allow-listing and download artifacts, provided they have proper permissions.
Is CVE-2022-2501 a critical vulnerability that requires immediate attention?
Yes, due to its potential exploitability, CVE-2022-2501 requires immediate attention to ensure security and integrity of data.
- agent/type
- agent/references
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/12.0.0
- version/gitlab/15.1.0
- version/gitlab/15.2