CVE-2022-2882 — Vulnetix

CVE-2022-2882 PUBLISHED

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.

EPSS 0.62% · 70.4th percentile

Risk Scores

EPSS Score

0.62%

70.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	12.6.0, 15.4.0, 15.3.0
Bitnami	gitlab	12.6.0, 15.3.0, 15.4.0

Exploit Intelligence

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2882.json (circl)
https://gitlab.com/gitlab-org/gitlab/-/issues/371082 (cve.org)
https://hackerone.com/reports/1656722 (bitnami)

Timeline

Jul 1, 2022 CVE Published
Oct 29, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 17, 2025 EPSS Score
Apr 3, 2025 EPSS Score
Apr 4, 2025 EPSS Score
Apr 5, 2025 EPSS Score
Apr 14, 2025 EPSS Score
Apr 15, 2025 EPSS Score
May 4, 2025 EPSS Score
Jun 1, 2025 EPSS Score
Jun 5, 2025 EPSS Score

References

Open in Interactive Console →