CVE-2022-4335

Summary

A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab<15.4.6affected
GitLabGitLab>=15.5, <15.5.5affected
GitLabGitLab>=15.6, <15.6.1affected

Weaknesses

  • Server-side request forgery (ssrf) in GitLab

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References