CVE-2022-1157
Published: 2022-04-11
Priority: P4
CVSS 3.1: 2.4 (Low), vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
EPSS: 0.62% (45.3rd percentile)
Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | < 14.7.7 | 14.7.7 |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 14.8.0 < 14.8.5 | 14.8.5 |
| gitlab | gitlab | >= 14.9.0 < 14.9.2 | 14.9.2 |
| gitlab | gitlab_ce | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 2.4 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N |
| nvd | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
| osv | — | 2.4 | LOW | — |
| vendor_debian | — | 2.6 | LOW | — |
Sources

Each source carries the same description given above.

| Source | Identifier | Date | Severity | CWE | CVSS |
|---|---|---|---|---|---|
| GHSA (ghsa_unreviewed) | GHSA-cxfq-987j-wpfw | 2022-04-12 | LOW | CWE-532 | — |
| OSV | CVE-2022-1157 | 2022-04-11 | LOW | — | 2.4 |
| GitLab (vendor_gitlab) | CVE-2022-1157 | 2022-04-11 | LOW | CWE-532 | 2.6 |
| Debian (vendor_debian), package gitlab | CVE-2022-1157 | 2022 | LOW | — | 2.6 |

Debian tracker: scope local; sid resolved (fixed in 15.10.8+ds1-2).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.