Unauthorized Access to GitLab Container Registries via Deploy Key or Deploy Token

Unauthorized Access to GitLab Container Registries via Deploy Key or Deploy Token

CVE-2022-1983 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured.

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.