nuclei-templates/cves/2022/CVE-2022-0735.yaml

id: CVE-2022-0735

info:
  name: GitLab CE/EE - Runner Registration Token Disclosure
  author: GitLab Red Team
  severity: critical
  description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.
  reference:
    - https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester
    - https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0735.json
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0735
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-0735
    cwe-id: CWE-863
  metadata:
    shodan-query: http.title:"GitLab"
  tags: kev,hackerone,cve,cve2022,gitlab,registration token disclosure

requests:
  - method: GET
    path:
      - "{{BaseURL}}/users/sign_in"

    redirects: true
    max-redirects: 3
    matchers:
      - type: word
        words:
          - "015d088713b23c749d8be0118caeb21039491d9812c75c913f48d53559ab09df"
          - "02aa9533ec4957bb01d206d6eaa51d762c7b7396362f0f7a3b5fb4dd6088745b"
          - "051048a171ccf14f73419f46d3bd8204aa3ed585a72924faea0192f53d42cfce"
          - "08858ced0ff83694fb12cf155f6d6bf450dcaae7192ea3de8383966993724290"
          - "0993beabc8d2bb9e3b8d12d24989426b909921e20e9c6a704de7a5f1dfa93c59"
          - "1832611738f1e31dd00a8293bbf90fce9811b3eea5b21798a63890dbc51769c8"
          - "1d765038b21c5c76ff8492561c29984f3fa5c4b8cfb3a6c7b216ac8ab18b78c7"
          - "1d840f0c4634c8813d3056f26cbab7a685d544050360a611a9df0b42371f4d98"
          - "27d2c4c4e2fcf6e589e3e1fe85723537333b087003aa4c1d2abcf74d5c899959"
          - "2cb8d6d6d17f1b1b8492581de92356755b864cbb6e48347a65baa2771a10ae4f"
          - "2ea7e9be931f24ebc2a67091b0f0ff95ba18e386f3d312545bb5caaac6c1a8be"
          - "301b60d2c71a595adfb65b22edee9023961c5190e1807f6db7c597675b0a61f0"
          - "30a9dffe86b597151eff49443097496f0d1014bb6695a2f69a7c97dc1c27828f"
          - "383b8952f0627703ada7774dd42f3b901ea2e499fd556fce3ae0c6d604ad72b7"
          - "4448d19024d3be03b5ba550b5b02d27f41c4bdba4db950f6f0e7136d820cd9e1"
          - "450cbe5102fb0f634c533051d2631578c8a6bae2c4ef1c2e50d4bfd090ce3b54"
          - "455d114267e5992b858fb725de1c1ddb83862890fe54436ffea5ff2d2f72edc8"
          - "4990bb27037f3d5f1bffc0625162173ad8043166a1ae5c8505aabe6384935ce2"
          - "4abc4e078df94075056919bd59aed6e7a0f95067039a8339b8f614924d8cb160"
          - "4f233d907f30a050ca7e40fbd91742d444d28e50691c51b742714df8181bf4e7"
          - "50d9206410f00bb00cc8f95865ab291c718e7a026e7fdc1fc9db0480586c4bc9"
          - "515dc29796a763b500d37ec0c765957a136c9e1f1972bb52c3d7edcf4b6b8bbe"
          - "52560ba2603619d2ff1447002a60dcb62c7c957451fb820f1894e1ce7c23821c"
          - "57e83f1a3cf7c0fe3cf2357802306688dab60cf6a30d00e14e67826070db92de"
          - "5cd37ee959b5338b5fb48eafc6c7290ca1fa60e653292304102cc19a16cc25e4"
          - "5df2cb13ec314995ea43d698e888ddb240dbc7ccb6e635434dc8919eced3e25f"
          - "62e4cc014d9d96f9cbf443186289ffd9c41bdfe951565324891dcf38bcca5a51"
          - "655ad8aea57bdaaad10ff208c7f7aa88c9af89a834c0041ffc18c928cc3eab1f"
          - "6ae610d783ba9a520b82263f49d2907a52090fecb3ac37819cea12b67e6d94fb"
          - "6fa9fec63ba24ec06fcae0ec30d1369619c2c3323fe9ddc4849af86457d59eef"
          - "775f130d36e9eb14cb67c6a63551511b87f78944cebcf6cdddb78292030341df"
          - "79837fd1939f90d58cc5a842a81120e8cecbc03484362e88081ebf3b7e3830e9"
          - "7f1c7b2bfaa6152740d453804e7aa380077636cad101005ed85e70990ec20ec5"
          - "81c5f2c7b2c0b0abaeb59585f36904031c21b1702c24349404df52834fbd7ad3"
          - "8b78708916f28aa9e54dacf9c9c08d720837ce78d8260c36c0f828612567d353"
          - "90abf7746df5cb82bca9949de6f512de7cb10bec97d3f5103299a9ce38d5b159"
          - "969119f639d0837f445a10ced20d3a82d2ea69d682a4e74f39a48a4e7b443d5e"
          - "a0c92bafde7d93e87af3bc2797125cba613018240a9f5305ff949be8a1b16528"
          - "a4333a9de660b9fc4d227403f57d46ec275d6a6349a6f5bda0c9557001f87e5d"
          - "a573aed3df818ca78ab40c01ae3514e16271a18e3c83122deab5d5623b25d4fe"
          - "a624c11e908db556820e9b07de96e0a465e9be5d5e6b68cdafe6d5c95c99798b"
          - "a8bf3d1210afa873d9b9af583e944bdbf5ac7c8a63f6eccc3d6795802bd380d2"
          - "a9308f85e95b00007892d451fd9f6beabcd8792b4c5f8cd7524ba7e941d479c9"
          - "ac9b38e86b6c87bf8db038ae23da3a5f17a6c391b3a54ad1e727136141a7d4f5"
          - "ae0edd232df6f579e19ea52115d35977f8bdbfa9958e0aef2221d62f3a39e7d8"
          - "b50bfeb87fe7bb245b31a0423ccfd866ca974bc5943e568ce47efb4cd221d711"
          - "ba74062de4171df6109c4c96da1ebe2b538bb6cc7cd55867cbdfba44777700e1"
          - "be9a23d3021354ec649bc823b23eab01ed235a4eb730fd2f4f7cdb2a6dee453a"
          - "bf1ba5d5d3395adc5bad6f17cc3cb21b3fb29d3e3471a5b260e0bc5ec7a57bc4"
          - "bf1c397958ee5114e8f1dadc98fa9c9d7ddb031a4c3c030fa00c315384456218"
          - "c8d8d30d89b00098edab024579a3f3c0df2613a29ebcd57cdb9a9062675558e4"
          - "c91127b2698c0a2ae0103be3accffe01995b8531bf1027ae4f0a8ad099e7a209"
          - "c923fa3e71e104d50615978c1ab9fcfccfcbada9e8df638fc27bf4d4eb72d78c"
          - "cfa6748598b5e507db0e53906a7639e2c197a53cb57da58b0a20ed087cc0b9d5"
          - "d0850f616c5b4f09a7ff319701bce0460ffc17ca0349ad2cf7808b868688cf71"
          - "d161b6e25db66456f8e0603de5132d1ff90f9388d0a0305d2d073a67fd229ddb"
          - "e2578590390a9eb10cd65d130e36503fccb40b3921c65c160bb06943b2e3751a"
          - "e355f614211d036d0b3ffac4cd76da00d89e05717df61629e82571e20ac27488"
          - "e539e07c389f60596c92b06467c735073788196fa51331255d66ff7afde5dfee"
          - "ec9dfedd7bd44754668b208858a31b83489d5474f7606294f6cc0128bb218c6d"
          - "f154ef27cf0f1383ba4ca59531058312b44c84d40938bc8758827023db472812"
          - "f8ba2470fbf1e30f2ce64d34705b8e6615ac964ea84163c8a6adaaf8a91f9eac"
          - "f9ab217549b223c55fa310f2007a8f5685f9596c579f5c5526e7dcb204ba0e11"
        condition: or

    extractors:
      - type: regex
        group: 1
        regex:
          - '(?:application-)(\S{64})(?:\.css)'
add template for CVE-2022-0735 2022-09-16 13:23:26 +00:00			`id: CVE-2022-0735`

			`info:`
			`name: GitLab CE/EE - Runner Registration Token Disclosure`
			`author: GitLab Red Team`
			`severity: critical`
			`description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.`
			`reference:`
			`- https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester`
			`- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0735.json`
			`- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0735`
			`classification:`
Auto Generated CVE annotations [Fri Sep 16 15:47:57 UTC 2022] :robot: 2022-09-16 15:47:57 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 9.8`
add template for CVE-2022-0735 2022-09-16 13:23:26 +00:00			`cve-id: CVE-2022-0735`
Auto Generated CVE annotations [Fri Sep 16 15:47:57 UTC 2022] :robot: 2022-09-16 15:47:57 +00:00			`cwe-id: CWE-863`
add template for CVE-2022-0735 2022-09-16 13:23:26 +00:00			`metadata:`
			`shodan-query: http.title:"GitLab"`
			`tags: kev,hackerone,cve,cve2022,gitlab,registration token disclosure`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/users/sign_in"`

			`redirects: true`
			`max-redirects: 3`
			`matchers:`
			`- type: word`
			`words:`
			`- "015d088713b23c749d8be0118caeb21039491d9812c75c913f48d53559ab09df"`
			`- "02aa9533ec4957bb01d206d6eaa51d762c7b7396362f0f7a3b5fb4dd6088745b"`
			`- "051048a171ccf14f73419f46d3bd8204aa3ed585a72924faea0192f53d42cfce"`
			`- "08858ced0ff83694fb12cf155f6d6bf450dcaae7192ea3de8383966993724290"`
			`- "0993beabc8d2bb9e3b8d12d24989426b909921e20e9c6a704de7a5f1dfa93c59"`
			`- "1832611738f1e31dd00a8293bbf90fce9811b3eea5b21798a63890dbc51769c8"`
			`- "1d765038b21c5c76ff8492561c29984f3fa5c4b8cfb3a6c7b216ac8ab18b78c7"`
			`- "1d840f0c4634c8813d3056f26cbab7a685d544050360a611a9df0b42371f4d98"`
			`- "27d2c4c4e2fcf6e589e3e1fe85723537333b087003aa4c1d2abcf74d5c899959"`
			`- "2cb8d6d6d17f1b1b8492581de92356755b864cbb6e48347a65baa2771a10ae4f"`
			`- "2ea7e9be931f24ebc2a67091b0f0ff95ba18e386f3d312545bb5caaac6c1a8be"`
			`- "301b60d2c71a595adfb65b22edee9023961c5190e1807f6db7c597675b0a61f0"`
			`- "30a9dffe86b597151eff49443097496f0d1014bb6695a2f69a7c97dc1c27828f"`
			`- "383b8952f0627703ada7774dd42f3b901ea2e499fd556fce3ae0c6d604ad72b7"`
			`- "4448d19024d3be03b5ba550b5b02d27f41c4bdba4db950f6f0e7136d820cd9e1"`
			`- "450cbe5102fb0f634c533051d2631578c8a6bae2c4ef1c2e50d4bfd090ce3b54"`
			`- "455d114267e5992b858fb725de1c1ddb83862890fe54436ffea5ff2d2f72edc8"`
			`- "4990bb27037f3d5f1bffc0625162173ad8043166a1ae5c8505aabe6384935ce2"`
			`- "4abc4e078df94075056919bd59aed6e7a0f95067039a8339b8f614924d8cb160"`
			`- "4f233d907f30a050ca7e40fbd91742d444d28e50691c51b742714df8181bf4e7"`
			`- "50d9206410f00bb00cc8f95865ab291c718e7a026e7fdc1fc9db0480586c4bc9"`
			`- "515dc29796a763b500d37ec0c765957a136c9e1f1972bb52c3d7edcf4b6b8bbe"`
			`- "52560ba2603619d2ff1447002a60dcb62c7c957451fb820f1894e1ce7c23821c"`
			`- "57e83f1a3cf7c0fe3cf2357802306688dab60cf6a30d00e14e67826070db92de"`
			`- "5cd37ee959b5338b5fb48eafc6c7290ca1fa60e653292304102cc19a16cc25e4"`
			`- "5df2cb13ec314995ea43d698e888ddb240dbc7ccb6e635434dc8919eced3e25f"`
			`- "62e4cc014d9d96f9cbf443186289ffd9c41bdfe951565324891dcf38bcca5a51"`
			`- "655ad8aea57bdaaad10ff208c7f7aa88c9af89a834c0041ffc18c928cc3eab1f"`
			`- "6ae610d783ba9a520b82263f49d2907a52090fecb3ac37819cea12b67e6d94fb"`
			`- "6fa9fec63ba24ec06fcae0ec30d1369619c2c3323fe9ddc4849af86457d59eef"`
			`- "775f130d36e9eb14cb67c6a63551511b87f78944cebcf6cdddb78292030341df"`
			`- "79837fd1939f90d58cc5a842a81120e8cecbc03484362e88081ebf3b7e3830e9"`
			`- "7f1c7b2bfaa6152740d453804e7aa380077636cad101005ed85e70990ec20ec5"`
			`- "81c5f2c7b2c0b0abaeb59585f36904031c21b1702c24349404df52834fbd7ad3"`
			`- "8b78708916f28aa9e54dacf9c9c08d720837ce78d8260c36c0f828612567d353"`
			`- "90abf7746df5cb82bca9949de6f512de7cb10bec97d3f5103299a9ce38d5b159"`
			`- "969119f639d0837f445a10ced20d3a82d2ea69d682a4e74f39a48a4e7b443d5e"`
			`- "a0c92bafde7d93e87af3bc2797125cba613018240a9f5305ff949be8a1b16528"`
			`- "a4333a9de660b9fc4d227403f57d46ec275d6a6349a6f5bda0c9557001f87e5d"`
			`- "a573aed3df818ca78ab40c01ae3514e16271a18e3c83122deab5d5623b25d4fe"`
			`- "a624c11e908db556820e9b07de96e0a465e9be5d5e6b68cdafe6d5c95c99798b"`
			`- "a8bf3d1210afa873d9b9af583e944bdbf5ac7c8a63f6eccc3d6795802bd380d2"`
			`- "a9308f85e95b00007892d451fd9f6beabcd8792b4c5f8cd7524ba7e941d479c9"`
			`- "ac9b38e86b6c87bf8db038ae23da3a5f17a6c391b3a54ad1e727136141a7d4f5"`
			`- "ae0edd232df6f579e19ea52115d35977f8bdbfa9958e0aef2221d62f3a39e7d8"`
			`- "b50bfeb87fe7bb245b31a0423ccfd866ca974bc5943e568ce47efb4cd221d711"`
			`- "ba74062de4171df6109c4c96da1ebe2b538bb6cc7cd55867cbdfba44777700e1"`
			`- "be9a23d3021354ec649bc823b23eab01ed235a4eb730fd2f4f7cdb2a6dee453a"`
			`- "bf1ba5d5d3395adc5bad6f17cc3cb21b3fb29d3e3471a5b260e0bc5ec7a57bc4"`
			`- "bf1c397958ee5114e8f1dadc98fa9c9d7ddb031a4c3c030fa00c315384456218"`
			`- "c8d8d30d89b00098edab024579a3f3c0df2613a29ebcd57cdb9a9062675558e4"`
			`- "c91127b2698c0a2ae0103be3accffe01995b8531bf1027ae4f0a8ad099e7a209"`
			`- "c923fa3e71e104d50615978c1ab9fcfccfcbada9e8df638fc27bf4d4eb72d78c"`
			`- "cfa6748598b5e507db0e53906a7639e2c197a53cb57da58b0a20ed087cc0b9d5"`
			`- "d0850f616c5b4f09a7ff319701bce0460ffc17ca0349ad2cf7808b868688cf71"`
			`- "d161b6e25db66456f8e0603de5132d1ff90f9388d0a0305d2d073a67fd229ddb"`
			`- "e2578590390a9eb10cd65d130e36503fccb40b3921c65c160bb06943b2e3751a"`
			`- "e355f614211d036d0b3ffac4cd76da00d89e05717df61629e82571e20ac27488"`
			`- "e539e07c389f60596c92b06467c735073788196fa51331255d66ff7afde5dfee"`
			`- "ec9dfedd7bd44754668b208858a31b83489d5474f7606294f6cc0128bb218c6d"`
			`- "f154ef27cf0f1383ba4ca59531058312b44c84d40938bc8758827023db472812"`
			`- "f8ba2470fbf1e30f2ce64d34705b8e6615ac964ea84163c8a6adaaf8a91f9eac"`
			`- "f9ab217549b223c55fa310f2007a8f5685f9596c579f5c5526e7dcb204ba0e11"`
			`condition: or`

			`extractors:`
			`- type: regex`
			`group: 1`
			`regex:`
			`- '(?:application-)(\S{64})(?:\.css)'`