Candidate: CVE-2022-0123
PublicDate: 2022-03-28 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0123
 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0123.json
 https://gitlab.com/gitlab-org/gitlab/-/issues/296632
Description:
 An issue has been discovered affecting GitLab versions prior to 14.4.5,
 between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not
 validate SSL certificates for some of external CI services which makes it
 possible to perform MitM attacks on connections to these external services.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N [6.8 MEDIUM]


Patches_gitlab:
upstream_gitlab: needs-triage
trusty_gitlab: ignored (out of standard support)
xenial_gitlab: ignored (out of standard support)