CVE-2022-0735

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

04 Apr 2022, 19:23

Type Values Removed Values Added
CWE CWE-863
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
First Time Gitlab
Gitlab gitlab
References (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/353529 - (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/353529 - Broken Link
References (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0735.json - (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0735.json - Vendor Advisory
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

28 Mar 2022, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-28 19:15

Updated : 2022-04-04 19:23


NVD link : CVE-2022-0735

Mitre link : CVE-2022-0735


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-863

Incorrect Authorization