First published: Fri Oct 28 2022(Updated: )
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=12.6.0<15.2.5 | |
GitLab GitLab | >=12.6.0<15.2.5 | |
GitLab GitLab | >=15.3<15.3.4 | |
GitLab GitLab | >=15.3<15.3.4 | |
GitLab GitLab | >=15.4<15.4.1 | |
GitLab GitLab | >=15.4<15.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.