

Rewterz Threat Advisory – CVE-2022-22489 – IBM MQ external Vulnerability
August 21, 2022
Rewterz Threat Advisory – Multiple Cisco Small Business routers Vulnerabilities
August 21, 2022
Rewterz Threat Advisory – CVE-2022-22489 – IBM MQ external Vulnerability
August 21, 2022
Rewterz Threat Advisory – Multiple Cisco Small Business routers Vulnerabilities
August 21, 2022Severity
Medium
Analysis Summary
CVE-2022-1963 CVSS:5.3
GitLab could allow a remote attacker to obtain sensitive information, caused by revealing two-factor authentication user account in the HTML source. A remote attacker could exploit this vulnerability to obtain a user account.
CVE-2022-2227 CVSS:3.1
GitLab could allow a remote attacker to bypass security restrictions, caused by improper access control in the runner jobs. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions to access job and project metadata under certain conditions.
CVE-2022-2185 CVSS:9.9
GitLab could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2022-1999 CVSS:3.1
GitLab could allow a remote attacker to bypass security restrictions, caused by a error in REST API. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions to change labels description.
CVE-2022-1983 CVSS:6.5
GitLab could allow a remote authhenticated attacker to bypass security restrictions, caused by improper access control. By misusing a valid Deploy Key or a Deploy Token, an attacker could exploit this vulnerability to bypass access restrictions to access Container Registries even when IP address restrictions were configured.
CVE-2022-1981 CVSS:2.7
GitLab could allow a remote authenticated attacker to bypass security restrictions, caused by an error in the domain allow-list. By using the ‘Invite a group’ feature, an attacker could exploit this vulnerability to bypass access restrictions to invite a group that doesn’t comply with the domain allow-list.
Impact
- Information Disclosure
- Security Bypass
- Code Execution
Indicators Of Compromise
CVE
- CVE-2022-1963
- CVE-2022-2227
- CVE-2022-2185
- CVE-2022-1999
- CVE-2022-1983
- CVE-2022-1981
Affected Vendors
- GitLab
Affected Products
- GitLab GitLab 15.1.0
- GitLab GitLab 15.0.3
- GitLab GitLab 14.10.4
Remediation
Refer to GitLab Website for patch, upgrade or suggested workaround information.
GitLab Web site