PT-2022-13879 · Gitlab · Gitlab
Firelizzardon · Published 2022-05-11 · Updated 2024-03-06 · CVE-2022-1426
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GitLab versions 12.6 through 14.8.5
GitLab versions 14.9 through 14.9.3
GitLab versions 14.10 through 14.10.0
Description
An issue has been discovered in GitLab where the platform was not correctly authenticating a user who had a certain amount of information, allowing the user to authenticate without a personal access token.
Recommendations
For versions 12.6 through 14.8.5, update to version 14.8.6 or later.
For versions 14.9 through 14.9.3, update to version 14.9.4 or later.
For versions 14.10 through 14.10.0, update to version 14.10.1 or later.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab