CVE-2022-2228
MEDIUM
GitLab EE <14.10.5, <15.0.4, <15.1.1 - Info Disclosure
Title source: llm
Description
Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group using IP-based access restrictions, even if the GitLab Runner is calling from outside the allowed IP range.
References (2)
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://gitlab.com/gitlab-org/security/gitlab/-/issues/682
Vendor Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2228.json
Scores
CVSS v3
5.3
EPSS
0.0015
EPSS Percentile
35.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
Status
published
Products (2)
gitlab/gitlab
15.1.0
gitlab/gitlab
12.0.0 - 14.10.5
Published
Jul 01, 2022
Tracked Since
Feb 18, 2026