CVE-2022-4342 — Sensitive Information Exposure in GitLab
Severity: 3.8 LOW (NVD)
EPSS: 2.3% (top 15.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 12
Latest update: Dec 30
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Exploitability: 1.2 | Impact: 2.5
Affected Packages: 6 packages
Vulnerability Details (5)
OSV (2023-04-05): CVE-2023-0838: An issue has been discovered in GitLab affecting versions starting from 15
GHSA (2023-04-05): GHSA-xg8m-4qxg-vm4m: An issue has been discovered in GitLab affecting versions starting from 15
OSV (2023-01-12): CVE-2022-4342: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15
GHSA (2023-01-12): GHSA-892p-f7qf-cw7v: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15
Vendor Advisories (5)
GitLab (2023-04-05): CVE-2023-0838: An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer
GitLab (2023-01-12): CVE-2022-4342: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, a
Debian (2023): CVE-2023-0838: gitlab - An issue has been discovered in GitLab affecting versions starting from 15.1 bef...
Debian (2022): CVE-2022-4342: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...