id: CVE-2022-0735 info: name: GitLab CE/EE - Information Disclosure author: GitLab Red Team severity: critical description: GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5, from 14.7 before 14.7.4, and from 14.8 before 14.8.2. remediation: | Apply the necessary patches or updates provided by GitLab to fix the vulnerability. reference: - https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester - https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0735.json - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0735 - https://nvd.nist.gov/vuln/detail/cve-2022-0735 - https://gitlab.com/gitlab-org/gitlab/-/issues/353529 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-0735 cwe-id: CWE-863 epss-score: 0.02762 epss-percentile: 0.89415 cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* metadata: max-request: 1 vendor: gitlab product: gitlab shodan-query: http.title:"GitLab" tags: cve,cve2022,gitlab http: - method: GET path: - "{{BaseURL}}/users/sign_in" redirects: true max-redirects: 3 matchers: - type: word words: - "015d088713b23c749d8be0118caeb21039491d9812c75c913f48d53559ab09df" - "02aa9533ec4957bb01d206d6eaa51d762c7b7396362f0f7a3b5fb4dd6088745b" - "051048a171ccf14f73419f46d3bd8204aa3ed585a72924faea0192f53d42cfce" - "08858ced0ff83694fb12cf155f6d6bf450dcaae7192ea3de8383966993724290" - "0993beabc8d2bb9e3b8d12d24989426b909921e20e9c6a704de7a5f1dfa93c59" - "1832611738f1e31dd00a8293bbf90fce9811b3eea5b21798a63890dbc51769c8" - "1d765038b21c5c76ff8492561c29984f3fa5c4b8cfb3a6c7b216ac8ab18b78c7" - "1d840f0c4634c8813d3056f26cbab7a685d544050360a611a9df0b42371f4d98" - "27d2c4c4e2fcf6e589e3e1fe85723537333b087003aa4c1d2abcf74d5c899959" - "2cb8d6d6d17f1b1b8492581de92356755b864cbb6e48347a65baa2771a10ae4f" - "2ea7e9be931f24ebc2a67091b0f0ff95ba18e386f3d312545bb5caaac6c1a8be" - "301b60d2c71a595adfb65b22edee9023961c5190e1807f6db7c597675b0a61f0" - "30a9dffe86b597151eff49443097496f0d1014bb6695a2f69a7c97dc1c27828f" - "383b8952f0627703ada7774dd42f3b901ea2e499fd556fce3ae0c6d604ad72b7" - "4448d19024d3be03b5ba550b5b02d27f41c4bdba4db950f6f0e7136d820cd9e1" - "450cbe5102fb0f634c533051d2631578c8a6bae2c4ef1c2e50d4bfd090ce3b54" - "455d114267e5992b858fb725de1c1ddb83862890fe54436ffea5ff2d2f72edc8" - "4990bb27037f3d5f1bffc0625162173ad8043166a1ae5c8505aabe6384935ce2" - "4abc4e078df94075056919bd59aed6e7a0f95067039a8339b8f614924d8cb160" - "4f233d907f30a050ca7e40fbd91742d444d28e50691c51b742714df8181bf4e7" - "50d9206410f00bb00cc8f95865ab291c718e7a026e7fdc1fc9db0480586c4bc9" - "515dc29796a763b500d37ec0c765957a136c9e1f1972bb52c3d7edcf4b6b8bbe" - "52560ba2603619d2ff1447002a60dcb62c7c957451fb820f1894e1ce7c23821c" - "57e83f1a3cf7c0fe3cf2357802306688dab60cf6a30d00e14e67826070db92de" - "5cd37ee959b5338b5fb48eafc6c7290ca1fa60e653292304102cc19a16cc25e4" - "5df2cb13ec314995ea43d698e888ddb240dbc7ccb6e635434dc8919eced3e25f" - "62e4cc014d9d96f9cbf443186289ffd9c41bdfe951565324891dcf38bcca5a51" - "655ad8aea57bdaaad10ff208c7f7aa88c9af89a834c0041ffc18c928cc3eab1f" - "6ae610d783ba9a520b82263f49d2907a52090fecb3ac37819cea12b67e6d94fb" - "6fa9fec63ba24ec06fcae0ec30d1369619c2c3323fe9ddc4849af86457d59eef" - "775f130d36e9eb14cb67c6a63551511b87f78944cebcf6cdddb78292030341df" - "79837fd1939f90d58cc5a842a81120e8cecbc03484362e88081ebf3b7e3830e9" - "7f1c7b2bfaa6152740d453804e7aa380077636cad101005ed85e70990ec20ec5" - "81c5f2c7b2c0b0abaeb59585f36904031c21b1702c24349404df52834fbd7ad3" - "8b78708916f28aa9e54dacf9c9c08d720837ce78d8260c36c0f828612567d353" - "90abf7746df5cb82bca9949de6f512de7cb10bec97d3f5103299a9ce38d5b159" - "969119f639d0837f445a10ced20d3a82d2ea69d682a4e74f39a48a4e7b443d5e" - "a0c92bafde7d93e87af3bc2797125cba613018240a9f5305ff949be8a1b16528" - "a4333a9de660b9fc4d227403f57d46ec275d6a6349a6f5bda0c9557001f87e5d" - "a573aed3df818ca78ab40c01ae3514e16271a18e3c83122deab5d5623b25d4fe" - "a624c11e908db556820e9b07de96e0a465e9be5d5e6b68cdafe6d5c95c99798b" - "a8bf3d1210afa873d9b9af583e944bdbf5ac7c8a63f6eccc3d6795802bd380d2" - "a9308f85e95b00007892d451fd9f6beabcd8792b4c5f8cd7524ba7e941d479c9" - "ac9b38e86b6c87bf8db038ae23da3a5f17a6c391b3a54ad1e727136141a7d4f5" - "ae0edd232df6f579e19ea52115d35977f8bdbfa9958e0aef2221d62f3a39e7d8" - "b50bfeb87fe7bb245b31a0423ccfd866ca974bc5943e568ce47efb4cd221d711" - "ba74062de4171df6109c4c96da1ebe2b538bb6cc7cd55867cbdfba44777700e1" - "be9a23d3021354ec649bc823b23eab01ed235a4eb730fd2f4f7cdb2a6dee453a" - "bf1ba5d5d3395adc5bad6f17cc3cb21b3fb29d3e3471a5b260e0bc5ec7a57bc4" - "bf1c397958ee5114e8f1dadc98fa9c9d7ddb031a4c3c030fa00c315384456218" - "c8d8d30d89b00098edab024579a3f3c0df2613a29ebcd57cdb9a9062675558e4" - "c91127b2698c0a2ae0103be3accffe01995b8531bf1027ae4f0a8ad099e7a209" - "c923fa3e71e104d50615978c1ab9fcfccfcbada9e8df638fc27bf4d4eb72d78c" - "cfa6748598b5e507db0e53906a7639e2c197a53cb57da58b0a20ed087cc0b9d5" - "d0850f616c5b4f09a7ff319701bce0460ffc17ca0349ad2cf7808b868688cf71" - "d161b6e25db66456f8e0603de5132d1ff90f9388d0a0305d2d073a67fd229ddb" - "e2578590390a9eb10cd65d130e36503fccb40b3921c65c160bb06943b2e3751a" - "e355f614211d036d0b3ffac4cd76da00d89e05717df61629e82571e20ac27488" - "e539e07c389f60596c92b06467c735073788196fa51331255d66ff7afde5dfee" - "ec9dfedd7bd44754668b208858a31b83489d5474f7606294f6cc0128bb218c6d" - "f154ef27cf0f1383ba4ca59531058312b44c84d40938bc8758827023db472812" - "f8ba2470fbf1e30f2ce64d34705b8e6615ac964ea84163c8a6adaaf8a91f9eac" - "f9ab217549b223c55fa310f2007a8f5685f9596c579f5c5526e7dcb204ba0e11" condition: or extractors: - type: regex group: 1 regex: - '(?:application-)(\S{64})(?:\.css)' # digest: 4a0a00473045022100955dcf9c8b6cb08d1b2f672d1d54349045ff453f008daaa9a85b44a7e73c524d0220078d7b503c4dfadb82243db87b2b7dac52ca6291ee3e3744fb5ee7c4940fe5a8:922c64590222798bb761d5b6d8e72950