Vulnerability: Exfiltration of Integration Access Token in GitLab CE/EE

Vulnerability: Exfiltration of Integration Access Token in GitLab CE/EE

CVE-2022-2497 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.

Learn more about our Cis Benchmark Audit For Server Software.