Incorrect authorization vulnerability in GitLab EE - CVE-2022-1983 (dpkg)ID: oval:org.secpod.oval:def:84666 | Date: (C)2022-10-04 (M)2023-08-16 |
Class: VULNERABILITY | Family: unix |
The host is installed with GitLab EE 10.7 before 14.10.5, 15.0 before 15.0.4 or 15.1 before 15.1.1 and is prone to an incorrect authorization vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. Successful exploitation could allows attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured.