Vulnerabilities

CVE-2022-1983

by Fred · 01/07/2022

Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured.

Date published : 2022-07-01

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1983.json

https://gitlab.com/gitlab-org/gitlab/-/issues/363651

Related

Tags: Cybersecurity Alert