CVE-2022-3291

Published: Oct 17, 2022Modified: May 13, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache

Affected (3)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 14.9 to 15.2.5
Gitlab Gitlab	From 15.3 to 15.3.4
Gitlab Gitlab	From 15.4 to 15.4.1

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3291.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/354299

Source: cve@gitlab.com

Broken LinkVendor Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3291.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/354299

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

Timeline

No history available yet.