Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-0735
CVE-2022-0735:
GitLab vulnerability analysis and mitigation
Overview
CVE-2022-0735 is a critical security vulnerability discovered in GitLab CE/EE affecting all versions from 12.10 before 14.6.5, versions from 14.7 before 14.7.4, and versions from 14.8 before 14.8.2. The vulnerability allowed unauthorized users to steal runner registration tokens through an information disclosure vulnerability using quick actions commands. The issue was discovered and reported through GitLab's HackerOne bug bounty program by researcher 0xn3va, and was publicly disclosed on February 25, 2022 (GitLab Release).
Technical details
The vulnerability received a CVSS v3.1 base score of 9.8 (Critical) from NVD with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, while GitLab assessed it at CVSS 10.0 (Critical) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. The vulnerability specifically involved the exposure of runner registration tokens through quick action commands, which could allow unauthorized access to GitLab's CI/CD infrastructure (NVD).
Impact
The vulnerability allowed unauthorized users to steal runner registration tokens, which could potentially lead to unauthorized access to GitLab's CI/CD infrastructure. As part of the mitigation, GitLab reset all runner registration tokens for groups and projects, which could affect automated processes that encoded registration token values. The impact was significant enough that GitLab released an immediate critical security update and provided hotpatches for older versions (GitLab Release).
Mitigation and workarounds
GitLab released patched versions 14.8.2, 14.7.4, and 14.6.5 to address this vulnerability. For self-managed instances not on versions 14.6 or greater, GitLab published temporary hotpatches. The fix included an automatic reset of all runner registration tokens for groups and projects. Organizations using automated processes for runner registration needed to update their scripts with new tokens. For Kubernetes runners, manual updates to the Helm chart values with new registration tokens were required (GitLab Release).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management