ID |
CVE-2022-2095
|
Summary |
An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
-
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:enterprise:*:*:*
-
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:*
-
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
-
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:community:*:*:*
-
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:community:*:*:*
|
CVSS |
Base: | None |
Impact: | |
Exploitability: | |
|
CWE |
CWE-863 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
|
|
|
|
Impact |
Confidentiality | Integrity | Availability |
|
|
|
|
Last major update |
11-08-2022 - 15:01 |
Published |
05-08-2022 - 16:15 |
Last modified |
11-08-2022 - 15:01 |