Source: Ubuntu.com (ubuntucve), ID UB:CVE-2022-3483
History: Nov 09, 2022 - 12:00 a.m.

CVE-2022-3483

Tags: cve-2022-3483, gitlab ce, gitlab ee, datadog integration, access token exfiltration, url modification vulnerability, unix

CVSS3: 5.5 Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

EPSS: 0.001 Low
Percentile: 45.6%

An issue has been discovered in GitLab CE/EE affecting all versions
starting from 12.1 before 15.3.5, all versions starting from 15.4 before
15.4.4, all versions starting from 15.5 before 15.5.2. A malicious
maintainer could exfiltrate a Datadog integration’s access token by
modifying the integration URL such that authenticated requests are sent to
an attacker-controlled server.

OS      Version  Architecture  Package  Version  Filename
ubuntu  16.04    noarch        gitlab   < any    UNKNOWN
