CVE-2022-2501

Опубликовано: 05 авг. 2022

Источник: nvd

CVSS3: 5.9

CVSS3: 7.5

EPSS Низкий

Описание

An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required.

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2501.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/364822
Broken Link
Vendor Advisory
https://hackerone.com/reports/1591412
Permissions Required
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2501.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/364822
Broken Link
Vendor Advisory
https://hackerone.com/reports/1591412
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 12.0.0 (включая) до 15.0.5 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 15.1.0 (включая) до 15.1.4 (исключая)

cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 36%

0.0015

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-863

Связанные уязвимости

CVE-2022-2501

CVSS3: 5.9

ubuntu

больше 3 лет назад

CVE-2022-2501

CVSS3: 5.9

debian

больше 3 лет назад

An improper access control issue in GitLab EE affecting all versions f ...

GHSA-5c73-fgcq-grvm

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 36%

0.0015

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-863