CVE-2022-0123

MEDIUM

GitLab <14.4.5, 14.5.0-14.5.3, 14.6.0-14.6.1 - Info Disclosure


Description

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some external CI services, which makes it possible to perform MitM attacks on connections to these external services.


Scores

CVSS v3 5.9
EPSS 0.0008
EPSS Percentile 24.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-295
Status published
Products (1)
gitlab/gitlab < 14.4.5
Published Mar 28, 2022
Tracked Since Feb 18, 2026