CVE-2022-2229

HIGH

GitLab CE/EE < 14.10.5, < 15.0.4, < 15.1.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-2229. PoCs published by hackerone_a0xnirudh.

AI-analyzed exploit summary: The repository contains only placeholder files (README.md, .gitlab-ci.yml, and a deploy template) with no actual exploit code or technical details about CVE-2022-2229. The README is a generic GitLab template with no vulnerability-specific content.

Description

An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.

Exploits (1)

gitlab STUB
by hackerone_a0xnirudh · poc
https://gitlab.com/hackerone_a0xnirudh/cve-2022-2229-bypass-demo-deletion_scheduled-79807952

Classification: Stub 95%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 26, 2026

References (3)

Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1511133

Scores

CVSS v3: 7.5
EPSS: 0.0106
EPSS Percentile: 60.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status: published
Products (2)
gitlab/gitlab 15.1.0 (2 CPE variants)
gitlab/gitlab 13.7.0 - 14.10.5 (2 CPE variants)
Published: Jul 01, 2022
Tracked Since: Feb 18, 2026