CVE-2022-2882

MEDIUM

GitLab CE/EE <15.2.5, <15.3.4, <15.4.1 - Info Disclosure

Title source: llm

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.

References (3)

Scores

CVSS v3 5.5
EPSS 0.0128
EPSS Percentile 79.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Classification

CWE
CWE-668
Status published

Affected Products (2)

gitlab/gitlab < 15.2.5
gitlab/gitlab < 15.2.5

Timeline

Published Oct 28, 2022
Tracked Since Feb 18, 2026