July 28, 2022
Severity
Medium
Analysis Summary
CVE-2022-2229
GitLab could allow a remote attacker to obtain sensitive information, caused by an improper authorization issue. An attacker could exploit this vulnerability to extract the value of known variables in public projects or private projects with membership.
CVE-2022-2228
GitLab could allow a remote attacker to obtain sensitive information, caused by improper IP-based access restrictions. A remote attacker with access tokens could exploit this vulnerability to obtain CI variables in a group from outside the allowed IP range.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-2229
- CVE-2022-2228
Affected Vendors
GitLab
Affected Products
- GitLab GitLab 15.1.0
- GitLab GitLab 15.0.3
- GitLab GitLab 14.10.4
Remediation
Refer to the GitLab website for patch, upgrade, or suggested workaround information.