CVE-2022-2907 in Community Editioninfo

Summary

by MITRE • 01/18/2023

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project member used a crafted link.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 05/28/2026

This vulnerability in GitLab CE/EE represents a critical access control flaw that allows unauthorized users to read repository content through manipulated links. The issue affects a broad range of versions including 12.9 through 15.1.5, 15.2 through 15.2.3, and 15.3 through 15.3.1, demonstrating the widespread nature of this security weakness. The vulnerability stems from improper validation of access tokens and URL parameters in the repository browsing functionality, creating a path for privilege escalation attacks. This flaw directly violates the principle of least privilege and undermines the fundamental security model of GitLab's access control system.

The technical implementation of this vulnerability involves the manipulation of repository URLs and access tokens that are typically used to authenticate and authorize user access to specific project resources. When a project member generates a link to repository content, the system fails to properly validate whether the requesting user has legitimate access rights to that specific resource. This creates a scenario where an unauthorized user can craft a malicious URL that bypasses normal access controls and retrieves repository contents. The vulnerability is categorized as a path traversal or access control bypass issue, which aligns with CWE-285 access control vulnerabilities and potentially CWE-22 path traversal attacks. The flaw operates at the application level where user input is not properly sanitized or validated before being used to determine access permissions.

The operational impact of this vulnerability extends beyond simple data exposure, as it can enable attackers to access sensitive source code, configuration files, and other repository artifacts that may contain intellectual property, credentials, or other confidential information. This vulnerability can be exploited by attackers who gain access to project member accounts or by malicious actors who can predict or manipulate repository URLs. The attack vector is particularly dangerous because it requires minimal privileges from the attacker's perspective, as they only need to obtain a valid link from a project member to potentially access restricted repository content. This creates a significant risk for organizations that rely on GitLab for code management and collaboration, as the vulnerability can lead to data breaches, intellectual property theft, and compliance violations.

Organizations should immediately implement the official patches provided by GitLab for versions 15.1.6, 15.2.4, and 15.3.2 to address this vulnerability. The recommended mitigation strategy involves updating to the patched versions and implementing additional monitoring of repository access patterns to detect potential exploitation attempts. Security teams should also review existing access controls and user permissions to ensure that project members are not inadvertently exposed to unauthorized access through crafted links. The vulnerability demonstrates the importance of proper input validation and access control implementation in web applications, aligning with ATT&CK technique T1078 legitimate credentials for maintaining access and T1566 credential harvesting through social engineering attacks. Organizations should also consider implementing additional security measures such as rate limiting on repository access requests and enhanced logging of access attempts to better detect and prevent exploitation of similar vulnerabilities.

Responsible

GitLab Inc.

Reservation

08/19/2022

Disclosure

01/18/2023

Moderation

accepted

CPE

ready

EPSS

0.00941

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!