An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2022-03-28T18:52:59

Updated: 2024-08-02T23:40:03.557Z

Reserved: 2022-02-23T00:00:00

Link: CVE-2022-0735

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-03-28T19:15:08.680

Modified: 2024-11-21T06:39:17.353

Link: CVE-2022-0735

cve-icon Redhat

No data.