PT-2022-12987 · Gitlab · Gitlab

Published 2022-03-28 · Updated 2024-03-06 · CVE-2022-0136

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
GitLab versions 10.5 to 14.5.4
GitLab versions 14.6 to 14.6.4
GitLab versions 14.7 to 14.7.1

Description
A vulnerability was discovered in GitLab that makes it susceptible to a blind Server-Side Request Forgery (SSRF) attack. The issue is reachable through the Project Import feature.

Recommendations
For GitLab versions 10.5 to 14.5.4, update to a version outside of this range to mitigate the risk.
For GitLab versions 14.6 to 14.6.4, update to a version outside of this range to mitigate the risk.
For GitLab versions 14.7 to 14.7.1, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to the Project Import feature until a patch is available.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BIT-GITLAB-2022-0136
CVE-2022-0136

Affected Products

Gitlab