CVE-2022-3820
Severity: 6.5 MEDIUM (CVSS 3.1) | EPSS: 0.12%
Description
An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
How to fix CVE-2022-3820
To remediate CVE-2022-3820, upgrade the affected package to a fixed version below.
- upgrade to 15.4.6 or later
Is CVE-2022-3820 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- GitLab: >= 15.4.0, < 15.4.6; >= 15.5.0, < 15.5.5; >= 15.6.0, < 15.6.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.5) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |