CVE-2022-1935 in GitLab Enterprise Edition
Summary
by MITRE • 06/06/2022
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured.
Analysis
by VulDB Data Team • 06/08/2022
This vulnerability is an authorization flaw in GitLab Enterprise Edition that undermines a control intended to limit where project trigger tokens can be used. Affected versions span 12.0 through 14.9.4, 14.10.0 through 14.10.3, and 15.0.0, so the gap persisted across several release cycles before it was closed in 14.9.5, 14.10.4 and 15.0.1. Project trigger tokens start CI/CD pipelines through the API without a user session, which makes them sensitive credentials that should be tightly controlled.
The technical flaw sits in the authorization path for trigger-token requests: the token's validity is checked, but the configured IP address restriction is not enforced for that request. An attacker who has obtained a valid trigger token can therefore start pipelines from any source address, bypassing the network-based control that was supposed to confine token use to specific IP ranges. The token check and the IP check are independent conditions, and the expected behavior is that a request is allowed only when both hold; here only the first one was applied.
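To make the two checks concrete, here is an added Ruby example (not GitLab's code; GitLab is a Rails application, so Ruby is the natural choice) contrasting the vulnerable pattern, in which only the token is validated, with the hardened one, in which the request's source address must also fall inside the configured IP allowlist. The token value, project id, allowlist ranges and class names are constructed for the example and do not correspond to GitLab's data model.

```ruby
require "ipaddr"

# Constructed fixture data for the example: one valid trigger token and an
# IP allowlist standing in for the group's IP restriction setting.
IP_ALLOWLIST = ["10.0.0.0/8", "192.168.50.0/24"].map { |cidr| IPAddr.new(cidr) }
VALID_TRIGGER_TOKENS = { "glptt-constructed-example-token" => { project_id: 42 } }

class TriggerAuthorizer
  Result = Struct.new(:allowed, :reason)

  def initialize(tokens: VALID_TRIGGER_TOKENS, allowlist: IP_ALLOWLIST)
    @tokens = tokens
    @allowlist = allowlist
  end

  # Vulnerable pattern: the token is validated, but the source address is
  # never compared against the IP restriction, so a stolen token works
  # from anywhere.
  def authorize_vulnerable(token, _remote_ip)
    return Result.new(false, "invalid token") unless @tokens.key?(token)

    Result.new(true, "token valid")
  end

  # Hardened pattern: token validity AND the IP restriction must both hold.
  def authorize_fixed(token, remote_ip)
    return Result.new(false, "invalid token") unless @tokens.key?(token)
    return Result.new(false, "source IP not in allowlist") unless ip_allowed?(remote_ip)

    Result.new(true, "token valid and source IP allowed")
  end

  private

  def ip_allowed?(remote_ip)
    return true if @allowlist.empty? # no restriction configured

    ip = IPAddr.new(remote_ip.to_s)
    @allowlist.any? { |range| range.include?(ip) }
  rescue ArgumentError # IPAddr's parse errors subclass ArgumentError
    false # fail closed on an unparsable address
  end
end

if $PROGRAM_NAME == __FILE__
  auth = TriggerAuthorizer.new
  token = "glptt-constructed-example-token"
  puts "vulnerable, from 203.0.113.7: #{auth.authorize_vulnerable(token, '203.0.113.7').reason}"
  puts "fixed, from 203.0.113.7:      #{auth.authorize_fixed(token, '203.0.113.7').reason}"
  puts "fixed, from 10.20.30.40:      #{auth.authorize_fixed(token, '10.20.30.40').reason}"
end
```

The point of the contrast is that the vulnerable method has no bug in what it does check; the defect is the check it omits. Tests for an authorization path should therefore include a case for each configured restriction with a valid credential, not just cases with an invalid credential.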
The operational impact is that a leaked or stolen trigger token is usable without the constraint the IP restriction was meant to impose. Organizations that configure IP restrictions expect them to apply to every request made against the protected projects, trigger-token requests included; this vulnerability lets those requests through regardless of origin. Because the trigger API starts pipelines and accepts pipeline variables, an attacker can run unauthorized pipelines with attacker-chosen inputs, which can reach build systems, deployment environments and any secrets exposed to CI jobs.
The weakness maps to CWE-284 (Improper Access Control): an authorization check that exists but is not applied on one code path. In ATT&CK terms the relevant techniques are T1078 (Valid Accounts), since the attacker acts with a legitimate credential, and T1566 (Phishing) as one way such a token might be obtained in the first place. Organizations running GitLab Enterprise Edition should upgrade to 14.9.5, 14.10.4 or 15.0.1 (or later), review which projects have trigger tokens and whether they are still needed, rotate tokens that may have been exposed, and monitor the API logs for pipeline-trigger requests arriving from addresses outside the expected ranges. The flaw underscores the importance of testing authorization for every credential type, especially automated ones, where a single exposed credential can affect entire development pipelines and deployment environments.
The bypass is particularly dangerous because trigger tokens are typically used in automated environments, often with access to production deployment stages, and are rarely rotated. Combined with the broad range of affected versions, this makes the issue a priority for organizations that rely heavily on GitLab CI/CD. Security teams should treat the upgrade as urgent, adopt token rotation policies, and add monitoring for trigger requests from unexpected source addresses. The vulnerability highlights the need for regular review of how automated credentials are handled and for keeping enterprise systems current on security patches.
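As an added example of the log monitoring recommended in the two paragraphs above, here is a Ruby snippet, not part of this page or of GitLab, that scans API log lines in the style of GitLab's api_json.log for successful pipeline-trigger requests arriving from addresses outside an IP allowlist. The log entries and their field names (time, method, path, status, remote_ip) are constructed for this example; on a real instance, check the field names against your own log output before relying on them. The path filter covers both trigger endpoints, /api/v4/projects/:id/trigger/pipeline and /api/v4/projects/:id/ref/:ref/trigger/pipeline.

```ruby
require "json"
require "ipaddr"

# Constructed sample lines in the style of GitLab's api_json.log.
# Field names and values are made up for this example.
SAMPLE_API_LOG = <<~LOG
  {"time":"2022-06-07T10:01:12Z","method":"POST","path":"/api/v4/projects/42/trigger/pipeline","status":201,"remote_ip":"10.20.30.40"}
  {"time":"2022-06-07T10:02:45Z","method":"POST","path":"/api/v4/projects/42/trigger/pipeline","status":201,"remote_ip":"203.0.113.7"}
  {"time":"2022-06-07T10:03:01Z","method":"GET","path":"/api/v4/projects/42/pipelines","status":200,"remote_ip":"203.0.113.7"}
  {"time":"2022-06-07T10:04:30Z","method":"POST","path":"/api/v4/projects/42/ref/feature/x/trigger/pipeline","status":201,"remote_ip":"198.51.100.9"}
  {"time":"2022-06-07T10:05:00Z","method":"POST","path":"/api/v4/projects/42/trigger/pipeline","status":401,"remote_ip":"198.51.100.9"}
  not valid json at all
LOG

# Both trigger endpoints; the ref form may contain slashes in the ref name.
TRIGGER_PIPELINE_PATH = %r{\A/api/v4/projects/[^/]+(?:/ref/.+)?/trigger/pipeline\z}

def parse_json_line(line)
  JSON.parse(line)
rescue JSON::ParserError
  nil
end

def parse_ip(text)
  IPAddr.new(text.to_s)
rescue ArgumentError # IPAddr's parse errors subclass ArgumentError
  nil
end

# Returns successful (2xx) pipeline-trigger requests whose source address is
# outside every allowlisted range. Unparsable lines and addresses are skipped
# rather than silently treated as allowed.
def suspicious_trigger_runs(log_text, allowlist_cidrs)
  allowlist = allowlist_cidrs.map { |cidr| IPAddr.new(cidr) }
  log_text.each_line.filter_map do |line|
    entry = parse_json_line(line)
    next unless entry
    next unless entry["method"] == "POST" && TRIGGER_PIPELINE_PATH.match?(entry["path"].to_s)
    next unless (200..299).cover?(entry["status"].to_i)

    ip = parse_ip(entry["remote_ip"])
    next unless ip
    next if allowlist.any? { |range| range.include?(ip) }

    { time: entry["time"], remote_ip: entry["remote_ip"], path: entry["path"] }
  end
end

if $PROGRAM_NAME == __FILE__
  suspicious_trigger_runs(SAMPLE_API_LOG, ["10.0.0.0/8"]).each do |hit|
    puts "ALERT #{hit[:time]} pipeline trigger from #{hit[:remote_ip]} on #{hit[:path]}"
  end
end
```

Only successful triggers are reported, because a 401 from an unexpected address is the restriction working as intended, while a 201 from outside the allowlist is exactly the condition this CVE permits. On a patched instance the same query should return nothing, which makes it a useful post-upgrade check as well as a detection rule.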