CVE-2022-1120Information Exposure via Error Message in Gitlab

CWE-209Information Exposure via Error Message5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 52.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GitlabDebian GitlabGitlab CE
Timeline
PublishedApr 4
Latest updateApr 5

Description

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

NVDgitlab/gitlab14.8.014.8.5+2
debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)
CVEListV5gitlab/gitlab<14.7.7, >=14.8, <14.8.5, >=14.9, <14.9.2+2
gitlabgitlab/gitlab

🔴Vulnerability Details

2
GHSA
GHSA-5733-m8xv-f92m: Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 142022-04-05
OSV
CVE-2022-1120: Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 142022-04-04

📋Vendor Advisories

2
GitLab
CVE-2022-1120: Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed s2022-04-04
Debian
CVE-2022-1120: gitlab - Missing filtering in an error message in GitLab CE/EE affecting all versions pri...2022