Information exposure vulnerability in GitLab CE/EE - CVE-2022-2882 (rpm)ID: oval:org.secpod.oval:def:85356 | Date: (C)2022-11-07 (M)2023-08-03 |
Class: VULNERABILITY | Family: unix |
The host is installed with GitLab CE/EE 12.6 before 15.2.5, 15.3 before 15.3.4 or 15.4 before 15.4.1 and is prone to a information exposure vulnerability. A flaw is present in the application, which fails to properly handle GitHub integration's access token. Successful exploitation allows a malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
Product: |
gitlab-ce |
gitlab-ee |