Lucene search
GitLabCVELIST:CVE-2022-0741HistoryApr 01, 2022 - 10:17 p.m.
CVE-2022-0741
2022-04-0122:17:40
GitLab
www.cve.org
7
gitlab ce/ee
input validation
environment variables
theft
sendmail
CVSS3
5.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
AI Score
7.6
Confidence
High
EPSS
0.001
Percentile
45.2%
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.
CNA Affected
[
{
"product": "GitLab",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": ">=10.0, <14.6.5"
},
{
"status": "affected",
"version": ">=14.7, <14.7.4"
},
{
"status": "affected",
"version": ">=14.8, <14.8.2"
}
]
}
]Related
cve
cve
CVE-2022-0741
2022-04-01 23:15:11
debiancve
debiancve
CVE-2022-0741
2022-04-01 23:15:11
veracode
veracode
Improper Input Validation
2023-06-27 18:13:36
prion
prion
Input validation
2022-04-01 23:15:00
osv
osv
CVE-2022-0741
2022-04-01 23:15:11
BIT-gitlab-2022-0741
2024-03-06 11:16:36
nvd
nvd
CVE-2022-0741
2022-04-01 23:15:11
ubuntucve
ubuntucve
CVE-2022-0741
2022-04-01 00:00:00
nessus
nessus
openvas
openvas
freebsd
freebsd
Gitlab -- multiple vulnerabilities
2022-02-25 00:00:00
hivepro
hivepro
Weekly Threat Digest: 28 February – 6 March 2022
2022-03-09 11:09:41
CVSS3
5.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
AI Score
7.6
Confidence
High
EPSS
0.001
Percentile
45.2%
Related for CVELIST:CVE-2022-0741