| ID |
CVE-2022-2095
|
| Summary |
An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
-
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:enterprise:*:*:*
-
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:*
-
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
-
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:community:*:*:*
-
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:community:*:*:*
|
| CVSS |
| Base: | None |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-863 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
|
|
|
|
| Impact |
| Confidentiality | Integrity | Availability |
|
|
|
|
| Last major update |
11-08-2022 - 15:01 |
| Published |
05-08-2022 - 16:15 |
| Last modified |
11-08-2022 - 15:01 |
