CVE-2022-2533

NameCVE-2022-2533
DescriptionAn issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gitlabunknownexperimental15.2.3+ds1-1
gitlabunknown(unstable)(unfixed)

Notes

https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/

Search for package or bug name: Reporting problems