Candidate: CVE-2022-0735
PublicDate: 2022-03-28 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0735
 https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
Description:
 An issue has been discovered in GitLab CE/EE affecting all versions
 starting from 12.10 before 14.6.5, all versions starting from 14.7 before
 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user
 was able to steal runner registration tokens through an information
 disclosure vulnerability using quick actions commands.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_gitlab:
upstream_gitlab: needs-triage
trusty_gitlab: ignored (out of standard support)
xenial_gitlab: ignored (out of standard support)