CVE-2022-2497
Vulnerability from cvelistv5
Published
2022-08-05 15:09
Modified
2024-08-03 00:39
Severity
Summary
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
References
| Source | URL | Tags |
|---|---|---|
| cve@gitlab.com | https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2497.json | Vendor Advisory |
| cve@gitlab.com | https://gitlab.com/gitlab-org/gitlab/-/issues/362671 | Broken Link, Vendor Advisory |
| cve@gitlab.com | https://hackerone.com/reports/1557992 | Permissions Required, Third Party Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/362671"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1557992"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2497.json"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "\u003e=12.6, \u003c15.0.5"
},
{
"status": "affected",
"version": "\u003e=15.1, \u003c15.1.4"
},
{
"status": "affected",
"version": "\u003e=15.2, \u003c15.2.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration\u0027s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information exposure in GitLab",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:39:51",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/362671"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1557992"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2497.json"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2022-2497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": "\u003e=12.6, \u003c15.0.5"
},
{
"version_value": "\u003e=15.1, \u003c15.1.4"
},
{
"version_value": "\u003e=15.2, \u003c15.2.1"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration\u0027s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information exposure in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/362671",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/362671"
},
{
"name": "https://hackerone.com/reports/1557992",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1557992"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2497.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2497.json"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2022-2497",
"datePublished": "2022-08-05T15:09:19",
"dateReserved": "2022-07-20T00:00:00",
"dateUpdated": "2024-08-03T00:39:07.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-2497\",\"sourceIdentifier\":\"cve@gitlab.com\",\"published\":\"2022-08-05T16:15:12.067\",\"lastModified\":\"2022-10-27T20:39:01.257\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration\u0027s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones a partir de la 12.6 antes de la 15.0.5, todas las versiones a partir de la 15.1 antes de la 15.1.4, todas las versiones a partir de la 15.2 antes de la 15.2.1. Un desarrollador malintencionado podr\u00eda exfiltrar el token de acceso de una integraci\u00f3n modificando la URL de la integraci\u00f3n de forma que las peticiones autenticadas se env\u00eden a un servidor controlado por el atacante\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.1,\"impactScore\":2.7},{\"source\":\"cve@gitlab.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"12.6.0\",\"versionEndExcluding\":\"15.0.5\",\"matchCriteriaId\":\"0FD7184D-167C-478B-8EE5-1C8E021B4A74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.4\",\"matchCriteriaId\":\"B835154E-74C9-40CC-9CB1-D0644E8FB5AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"4ECA8C34-F6D0-4ED7-8278-041D709296BC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"12.6.0\",\"versionEndExcluding\":\"15.0.5\",\"matchCriteriaId\":\"B8983233-E8DA-4D3B-B215-6E091021932F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.4\",\"matchCriteriaId\":\"6EB37BE7-C89E-4366-9735-AFD4B5B63984\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:community:*:*:*\",\"matchCriteriaId\":\"B5EFE8DA-DD79-4CED-A75E-8240DAA9A143\"}]}]}],\"references\":[{\"url\":\"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2497.json\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gitlab.com/gitlab-org/gitlab/-/issues/362671\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/1557992\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]}]}}"
}
}
Loading...