CVE-2022-4342
published 2023-01-12CVE-2022-4342: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all…
PriorityP414low3.8CVSS 3.1
AVNACLPRHUINSUCLILAN
EPSS
0.73%
49.8th percentile
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 15.1 < 15.11.10 | 15.11.10 |
| gitlab | gitlab | >= 15.1.0 < 15.8.5 | 15.8.5 |
| gitlab | gitlab | >= 15.1.0 < 15.5.7 | 15.5.7 |
| gitlab | gitlab | >= 15.6.0 < 15.6.4 | 15.6.4 |
| gitlab | gitlab | >= 15.7.0 < 15.7.2 | 15.7.2 |
| gitlab | gitlab | >= 15.9.0 < 15.9.4 | 15.9.4 |
| gitlab | gitlab | >= 16.0 < 16.0.6 | 16.0.6 |
| gitlab | gitlab | >= 16.1 < 16.1.1 | 16.1.1 |
| gitlab | gitlab_ce | — | — |
| linux | linux_kernel | >= 5.16.0 < 6.0.16 | 6.0.16 |
| linux | linux_kernel | >= 6.1.0 < 6.1.2 | 6.1.2 |
CVSS provenance
nvdv3.13.8LOWCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
osv3.8LOW
vendor_debian5.5MEDIUM
vendor_redhat3.3LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
bpf: Prevent decl_tag from being referenced in func_proto arg
osv·2025-12-30
CVE-2022-50883 bpf: Prevent decl_tag from being referenced in func_proto arg
bpf: Prevent decl_tag from being referenced in func_proto arg
In the Linux kernel, the following vulnerability has been resolved:
bpf: Prevent decl_tag from being referenced in func_proto arg
Syzkaller managed to hit another decl_tag issue:
btf_func_proto_check kernel/bpf/btf.c:4506 [inline]
btf_check_all_types kernel/bpf/btf.c:4734 [inline]
btf_parse_type_sec+0x1175/0x1980 kernel/bpf/btf.c:4763
btf_parse kernel/bpf/btf.c:5042 [inline]
btf_new_fd+0x65a/0xb00 kernel/bpf/btf.c:6709
bpf_btf_load+0x6f/0x90 kernel/bpf/syscall.c:4342
__sys_bpf+0x50a/0x6c0 kernel/bpf/syscall.c:5034
__do_sys_bpf kernel/bpf/syscall.c:5093 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5091 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5091
do_syscall_64+0x54/0x70 arch/x86/entry/common.c:48
This seems simil
OSV
CVE-2023-0838: An issue has been discovered in GitLab affecting versions starting from 15
osv·2023-04-05·CVSS 3.8
CVE-2023-0838 [LOW] CVE-2023-0838: An issue has been discovered in GitLab affecting versions starting from 15
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342.
GHSA
GHSA-xg8m-4qxg-vm4m: An issue has been discovered in GitLab affecting versions starting from 15
ghsa_unreviewed·2023-04-05·CVSS 5.5
CVE-2023-0838 [MEDIUM] CWE-200 GHSA-xg8m-4qxg-vm4m: An issue has been discovered in GitLab affecting versions starting from 15
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342.
OSV
CVE-2022-4342: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15
osv·2023-01-12·CVSS 3.8
CVE-2022-4342 [LOW] CVE-2022-4342: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook.
GHSA
GHSA-892p-f7qf-cw7v: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15
ghsa_unreviewed·2023-01-12
CVE-2022-4342 [LOW] GHSA-892p-f7qf-cw7v: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook.
Red Hat
kernel: bpf: Prevent decl_tag from being referenced in func_proto arg
vendor_redhat·2025-12-30·CVSS 3.3
CVE-2022-50883 [LOW] CWE-1287 kernel: bpf: Prevent decl_tag from being referenced in func_proto arg
kernel: bpf: Prevent decl_tag from being referenced in func_proto arg
In the Linux kernel, the following vulnerability has been resolved:
bpf: Prevent decl_tag from being referenced in func_proto arg
Syzkaller managed to hit another decl_tag issue:
btf_func_proto_check kernel/bpf/btf.c:4506 [inline]
btf_check_all_types kernel/bpf/btf.c:4734 [inline]
btf_parse_type_sec+0x1175/0x1980 kernel/bpf/btf.c:4763
btf_parse kernel/bpf/btf.c:5042 [inline]
btf_new_fd+0x65a/0xb00 kernel/bpf/btf.c:6709
bpf_btf_load+0x6f/0x90 kernel/bpf/syscall.c:4342
__sys_bpf+0x50a/0x6c0 kernel/bpf/syscall.c:5034
__do_sys_bpf kernel/bpf/syscall.c:5093 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5091 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5091
do_syscall_64+0x54/0x70 arch/x86/entry/common.c:48
This seems s
GitLab
CVE-2023-0838: An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer
vendor_gitlab·2023-04-05·CVSS 5.5
CVE-2023-0838 [MEDIUM] CWE-200 CVE-2023-0838: An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer
CVE-2023-0838: An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342.
GitLab
CVE-2022-4342: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, a
vendor_gitlab·2023-01-12·CVSS 5.5
CVE-2022-4342 [MEDIUM] CVE-2022-4342: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, a
CVE-2022-4342: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook.
Debian
CVE-2023-0838: gitlab - An issue has been discovered in GitLab affecting versions starting from 15.1 bef...
vendor_debian·2023·CVSS 5.5
CVE-2023-0838 [MEDIUM] CVE-2023-0838: gitlab - An issue has been discovered in GitLab affecting versions starting from 15.1 bef...
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Debian
CVE-2022-4342: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...
vendor_debian·2022·CVSS 5.5
CVE-2022-4342 [MEDIUM] CVE-2022-4342: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
No detection rules found.
No public exploits indexed.
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4342.jsonhttps://gitlab.com/gitlab-org/gitlab/-/issues/385118https://hackerone.com/reports/1791331https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4342.jsonhttps://gitlab.com/gitlab-org/gitlab/-/issues/385118https://hackerone.com/reports/1791331
2023-01-12
Published