CVE-2022-0741
Published 2022-04-01
Priority P3 · 42 · high · 7.5 CVSS 3.1
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:N · A:N
EPSS
1.42%
69.5th percentile
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 10.0.0 < 14.6.5 | 14.6.5 |
| gitlab | gitlab | >= 14.7.0 < 14.7.4 | 14.7.4 |
| gitlab | gitlab | >= 14.8.0 < 14.8.2 | 14.8.2 |
| gitlab | gitlab_ce | — | — |
CVSS provenance
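| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 5.8 | MEDIUM | |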
GitLab
vendor_gitlab·2022-04-01·CVSS 5.8
CVE-2022-0741 [MEDIUM] CWE-116 CVE-2022-0741: Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via special
CVE-2022-0741: Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.
Debian
vendor_debian·2022·CVSS 5.8
CVE-2022-0741 [MEDIUM] CVE-2022-0741: gitlab - Improper input validation in all versions of GitLab CE/EE using sendmail to send...
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
GHSA
ghsa_unreviewed·2022-04-03
CVE-2022-0741 [HIGH] CWE-20 GHSA-mqhw-j2hw-86ff: Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via special
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.
OSV
osv·2022-04-01·CVSS 7.5
CVE-2022-0741 [HIGH] CVE-2022-0741: Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via special
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0741.json
https://gitlab.com/gitlab-org/gitlab/-/issues/337601
https://hackerone.com/reports/1286317
2022-04-01
Published