CVE-2022-1983 Incorrect authorization in GitLab EE prior to 14.10.5, 15.0.4, and 15.1.1 allowed attackers with a valid Deploy Key or Token to use it from anywhere.

This issue is resolved in GitLab EE versions 10.14.0 - 10.14.8, 15.0.0 - 15.0.4 and 15.1.0 - 15.1.1. To prevent misuse of Deploy Keys and tokens, those credentials are now only accepted from the URL that was configured during the deployment process. If you are using a self-hosted GitLab instance for your projects, you can prevent deployment of code from untrusted sources by enabling the “Require IP whitelisting” option in the “Settings” menu. For more information, see the “Access to GitLab EE via SSH” section of the “Securing Self-Hosted GitLab EE” reference guide.

- CVE-2018-10861 - Improper handling of HTTP responses in GitLab CE prior to 11.2.1 allowed an attacker with network access to a GitLab instance to cause a denial of service via a crafted request.
- CVE-2018-10862 - Insecure handling of LDAP authentication in GitLab CE prior to 11.2.1 allowed an attacker with network access to a GitLab instance to obtain credentials from an LDAP server via a crafted request.
- CVE-2018-10863 - Insecure authorization handling in GitLab EE prior to 10.14.0, 15.0.0, 15.0.4, and 15.1.0 allowed

Other Parts of the Environment

The following vulnerabilities were found in GitLab CE prior to 11.2.1 and may be fixed by upgrading to this release:
- CVE-2018-10860 - Insecure handling of LDAP authentication in GitLab CE prior to 11.2.1 allowed an attacker with network access to a GitLab instance to obtain credentials from an LDAP server via a crafted request.
- CVE-2018-10861 - Improper handling of HTTP responses in GitLab CE prior to 11.2.1 allowed an attacker with network access to a GitLab instance to cause a denial of service via a crafted request.

What is GitLab?

GitLab is a suite of open source tools for project management, code collaboration, and task tracking. GitLab CE is designed for teams to collaborate on projects and issues. It's an easy-to-use tool that integrates with other applications including JIRA, Confluence, Bitbucket, Beanstalk, and more.
