Lucene search

CVE-2022-4342

🗓️ 12 Jan 2023 04:10:15Reported by GitLabType

CVE-2022-4342: GitLab CE/EE versions 15.1 - 15.7.2 allow masked webhook secrets leakage

Reporter	Title	Published	Views	Family All 23
Prion	Design/Logic Flaw	12 Jan 202304:15	–	prion
Prion	Design/Logic Flaw	5 Apr 202321:15	–	prion
OSV	BIT-gitlab-2022-4342	6 Mar 202411:13	–	osv
OSV	CVE-2022-4342	12 Jan 202304:15	–	osv
OSV	BIT-gitlab-2023-0838	6 Mar 202411:11	–	osv
OSV	CVE-2023-0838	5 Apr 202321:15	–	osv
Tenable Nessus	GitLab 15.1 < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-4342)	3 Jan 202400:00	–	nessus
Tenable Nessus	GitLab < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-4342)	8 Feb 202300:00	–	nessus
Tenable Nessus	GitLab 15.1 < 15.8.5 / 15.9 < 15.9.4 / 15.10 < 15.10.1 (CVE-2023-0838)	4 Apr 202300:00	–	nessus
Tenable Nessus	FreeBSD : Gitlab -- Multiple Vulnerabilities (3a023570-91ab-11ed-8950-001b217b3468)	11 Jan 202300:00	–	nessus

Nvd

Vulners

Node

gitlab gitlabRange15.1.0–15.5.7community

gitlab gitlabRange15.1.0–15.5.7enterprise

gitlab gitlabRange15.6.0–15.6.4community

gitlab gitlabRange15.6.0–15.6.4enterprise

gitlab gitlabRange15.7.0–15.7.2community

gitlab gitlabRange15.7.0–15.7.2enterprise

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "versions": [
      {
        "version": ">=15.1, <15.5.7",
        "status": "affected"
      },
      {
        "version": ">=15.6, <15.6.4",
        "status": "affected"
      },
      {
        "version": ">=15.7, <15.7.2",
        "status": "affected"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/1791331
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/385118
gitlab	www.gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4342.json

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Jan 2023 04:15Current

4Medium risk

Vulners AI Score4

CVSS33.8 - 5.5

EPSS0.00062

cve-2022-4342 gitlab ce ee webhook security vulnerability nvd