CVE-2022-0123

EPSS 0.08%
Veröffentlicht 28.03.2022 19:15:08
Zuletzt bearbeitet 21.11.2024 06:37:57
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform MitM attacks on connections to these external services.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ Gitlab Version < 14.4.5

Gitlab ≫ Gitlab Version >= 14.5.0 < 14.5.3

Gitlab ≫ Gitlab Version >= 14.6.0 < 14.6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.247

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	4.9	6.8	4.9	AV:N/AC:M/Au:S/C:P/I:P/A:N
cve@gitlab.com	5.9	0.7	5.2	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0123.json

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/296632

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2022-0123

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-0123

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-0123

EUVD