CVE-2022-4255

Published: Jan 27, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 13.7.0 to 15.4.6
Gitlab Gitlab	From 15.5.0 to 15.5.5
Gitlab Gitlab	From 13.7.0 to 15.4.6
Gitlab Gitlab	From 15.5.0 to 15.5.5
Gitlab Gitlab	Version 15.6.0
Gitlab Gitlab	Version 15.6.0

References (4)

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4255.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/373819

Source: cve@gitlab.com

Issue TrackingVendor Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4255.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/373819

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.