CVE-2022-3018 — Log File Information Exposure in Gitlab

CWE-532 — Log File Information Exposure CWE-668 — Resource Exposure5 documents5 sources

Severity

4.9MEDIUMNVD

EPSS

0.2%

top 54.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedOct 28

Description

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages5 packages

▶NVDgitlab/gitlab9.3.0 — 15.2.5+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=15.3, <15.3.4, >=15.4, <15.4.1, >=9.3, <15.2.5+2

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

CVE-2022-3018: An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9↗2022-10-28

▶

GHSA

GHSA-5fw4-hg92-mgm7: An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9↗2022-10-28

▶

📋Vendor Advisories

GitLab

CVE-2022-3018: An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before↗2022-10-28

▶

Debian

CVE-2022-3018: gitlab - An information disclosure vulnerability in GitLab CE/EE affecting all versions s...↗2022

▶