First published: Tue Jan 24 2023(Updated: )
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys .
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=12.9.0<15.4.6 | |
GitLab GitLab | >=12.9.0<15.4.6 | |
GitLab GitLab | >=15.5.0<15.5.5 | |
GitLab GitLab | >=15.5.0<15.5.5 | |
GitLab GitLab | =15.6.0 | |
GitLab GitLab | =15.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.