
CVE-2022-1983 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2022-1983?

CVE-2022-1983 is a medium-severity vulnerability affecting certain versions of GitLab Enterprise Edition (EE). This incorrect authorization issue allows an attacker with a valid Deploy Key or Deploy Token to access Container Registries from any location, even when IP address restrictions are configured. Systems running GitLab EE versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 are impacted by this vulnerability. It's important for organizations using these versions to take appropriate measures to address this security concern.

Who is impacted by this?

The CVE-2022-1983 vulnerability affects users of GitLab Enterprise Edition (EE) who have configured IP address restrictions and use Deploy Keys or Deploy Tokens. Specifically, it impacts systems running GitLab EE versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. This security issue allows an attacker with a valid Deploy Key or Deploy Token to access Container Registries from any location, even when IP address restrictions are in place.

What to do if CVE-2022-1983 affects you

If you're affected by the CVE-2022-1983 vulnerability, it's crucial to take action to secure your system. To address this issue, follow these simple steps:

  1. Check your GitLab version. If it falls within the affected ranges (10.7 to 14.10.4, 15.0 to 15.0.3, or 15.1 to 15.1.0), proceed to the next step.

  2. Update GitLab to the appropriate patched version: 14.10.5, 15.0.4, or 15.1.1, depending on your current version.
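The two steps above can be scripted. The following is an added example, not code from the Twingate report or from GitLab: it parses a GitLab version string (for instance the "version" field returned by GitLab's `GET /api/v4/version` endpoint, a sample of which is constructed inline) and reports whether it falls in one of the affected ranges and which patched release closes it. Only EE is affected, so a version explicitly tagged "-ce" is never flagged; an untagged version is treated as EE to be conservative.

```python
import re

# Affected ranges for CVE-2022-1983 as given in the report, as [first affected, first fixed).
AFFECTED_RANGES = [
    ((10, 7, 0), (14, 10, 5)),
    ((15, 0, 0), (15, 0, 4)),
    ((15, 1, 0), (15, 1, 1)),
]

# Matches "14.10.3-ee", "15.1", "15.0.4-ce", "14.10.3-pre" (suffix other than ee/ce is ignored).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(ee|ce))?")


def parse_version(version: str):
    """Return ((major, minor, patch), edition) for a GitLab version string.
    edition is 'ee', 'ce' or None when the string carries no edition tag."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {version!r}")
    major, minor, patch, edition = m.groups()
    return (int(major), int(minor), int(patch or 0)), edition


def assess(version: str):
    """Return (affected, fixed_version). fixed_version is the release to update to,
    or None when the version is already outside every affected range or is CE."""
    tup, edition = parse_version(version)
    if edition == "ce":
        return False, None  # the advisory covers GitLab EE only
    for start, fixed in AFFECTED_RANGES:
        if start <= tup < fixed:
            return True, ".".join(str(x) for x in fixed)
    return False, None


def assess_api_response(payload: dict):
    """Convenience wrapper for the JSON body of GET /api/v4/version."""
    return assess(payload["version"])


if __name__ == "__main__":
    # Constructed sample response (not a real instance); GitLab returns
    # {"version": "...", "revision": "..."} from /api/v4/version.
    sample = {"version": "14.10.3-ee", "revision": "0000000"}
    affected, fix = assess_api_response(sample)
    print(f"{sample['version']}: affected={affected}, update to {fix}")
```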

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2022-1983 vulnerability, known as "Incorrect authorization in GitLab EE," is not listed in CISA's Known Exploited Vulnerabilities Catalog. It affects GitLab EE versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. To address this issue, it's recommended to update GitLab EE to a version that is not affected by this vulnerability.

Weakness Enumeration

This vulnerability is classified under CWE-863 (Incorrect Authorization): the registry access check accepts a valid Deploy Key or Deploy Token without enforcing the configured IP address restrictions.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, consult the NVD page and the sources listed below.
