CVE-2022-2497
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones a partir de la 12.6 antes de la 15.0.5, todas las versiones a partir de la 15.1 antes de la 15.1.4, todas las versiones a partir de la 15.2 antes de la 15.2.1. Un desarrollador malintencionado podría exfiltrar el token de acceso de una integración modificando la URL de la integración de forma que las peticiones autenticadas se envíen a un servidor controlado por el atacante
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-20 CVE Reserved
- 2022-08-05 CVE Published
- 2024-06-21 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2497.json | 2022-10-27 | |
https://gitlab.com/gitlab-org/gitlab/-/issues/362671 | 2022-10-27 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | >= 12.6.0 < 15.0.5 Search vendor "Gitlab" for product "Gitlab" and version " >= 12.6.0 < 15.0.5" | enterprise |
Affected
| ||||||
Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | >= 15.1.0 < 15.1.4 Search vendor "Gitlab" for product "Gitlab" and version " >= 15.1.0 < 15.1.4" | enterprise |
Affected
| ||||||
Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | 15.2 Search vendor "Gitlab" for product "Gitlab" and version "15.2" | enterprise |
Affected
| ||||||
Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | >= 12.6.0 < 15.0.5 Search vendor "Gitlab" for product "Gitlab" and version " >= 12.6.0 < 15.0.5" | community |
Affected
| ||||||
Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | >= 15.1.0 < 15.1.4 Search vendor "Gitlab" for product "Gitlab" and version " >= 15.1.0 < 15.1.4" | community |
Affected
| ||||||
Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | 15.2 Search vendor "Gitlab" for product "Gitlab" and version "15.2" | community |
Affected
|