Search for vulnerabilities
Vulnerability ID | VCID-9q2b-awjx-zfbs |
Aliases |
CVE-2022-2095
|
Summary | An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key. |
Status | Published |
Exploitability | 0.5 |
Weighted Severity | 6.2 |
Risk | 3.1 |
Affected and Fixed Packages | Package Details |
There are no known CWE. |
System | Score | Found at |
---|---|---|
epss | 0.00431 | https://api.first.org/data/v1/epss?cve=CVE-2022-2095 |
archlinux | Medium | https://security.archlinux.org/AVG-2785 |
Reference id | Reference type | URL |
---|---|---|
https://api.first.org/data/v1/epss?cve=CVE-2022-2095 | ||
AVG-2785 | https://security.archlinux.org/AVG-2785 |
Percentile | 0.61696 |
EPSS Score | 0.00431 |
Published At | June 30, 2025, 12:55 p.m. |
Date | Actor | Action | Source | VulnerableCode Version |
---|---|---|---|---|
2025-07-01T11:54:13.687457+00:00 | Arch Linux Importer | Import | https://security.archlinux.org/AVG-2785 | 36.1.3 |