Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3820

An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.

Published

2023-01-26T21:15:58.750

Last Modified

2025-04-02T15:15:46.443

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-Other
Type: Secondary
CWE-290

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gitlab	gitlab	< 15.4.6	Yes
Application	gitlab	gitlab	< 15.4.6	Yes
Application	gitlab	gitlab	< 15.5.5	Yes
Application	gitlab	gitlab	< 15.5.5	Yes
Application	gitlab	gitlab	15.6.0	Yes
Application	gitlab	gitlab	15.6.0	Yes

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3820.json Vendor Advisory ([email protected])
https://gitlab.com/gitlab-org/gitlab/-/issues/378638 Exploit, Issue Tracking, Vendor Advisory ([email protected])
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3820.json Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/378638 Exploit, Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)