CVE-2022-2498

Summary

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=12.8, <15.0.5affected
GitLabGitLab>=15.1, <15.1.4affected
GitLabGitLab>=15.2, <15.2.1affected

Weaknesses

  • Incorrect execution-assigned permissions in GitLab

ADP Enrichment

CVE Program Container

Additional References

References