CVE-2022-1157 — Log File Information Exposure in Gitlab

CWE-532 — Log File Information Exposure5 documents5 sources

Severity

2.4LOWNVD

EPSS

0.2%

top 56.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedApr 11

Latest updateApr 12

Description

Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages5 packages

▶NVDgitlab/gitlab14.8.0 — 14.8.5+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab<14.7.7, >=14.8, <14.8.5, >=14.9, <14.9.2+2

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-cxfq-987j-wpfw: Missing sanitization of logged exception messages in all versions prior to 14↗2022-04-12

▶

OSV

CVE-2022-1157: Missing sanitization of logged exception messages in all versions prior to 14↗2022-04-11

▶

📋Vendor Advisories

GitLab

CVE-2022-1157: Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE caus↗2022-04-11

▶

Debian

CVE-2022-1157: gitlab - Missing sanitization of logged exception messages in all versions prior to 14.7....↗2022

▶