CVE-2022-4255

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-4255

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-4255.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-4255

Aliases

BIT-gitlab-2022-4255

Published

2023-01-27T22:15:09Z

Modified

2024-11-21T07:34:53Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4255.json
https://gitlab.com/gitlab-org/gitlab/-/issues/373819

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

036576a25d67513637c1e2cba5859af47695188e

Fixed

4fc991ae59a1eea8f776ef290e8da400331ba5b9