Rewterz Threat Advisory – Multiple GitLab Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-2229

GitLab could allow a remote attacker to obtain sensitive information because of an improper authorization issue. An attacker could exploit this vulnerability to extract the value of known variables in public projects, or in private projects of which they are a member.

CVE-2022-2228

GitLab could allow a remote attacker to obtain sensitive information, caused by improper IP-based access restrictions. A remote attacker with access tokens could exploit this vulnerability to obtain CI variables in a group from outside the allowed IP range.

Impact

  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2022-2229
  • CVE-2022-2228

Affected Vendors

GitLab

Affected Products

  • GitLab 15.1.0
  • GitLab 15.0.3
  • GitLab 14.10.4

Remediation

Refer to the GitLab website for patch, upgrade, or suggested workaround information.

GitLab Website