CVE-2022-4365

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error...

BIT-GITLAB-2023-4378 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...

GitLab 11.8 < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-4365)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A...

CVE-2023-4378

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...

GitLab: Maintainer can leak sentry token by changing the configured URL (fix bypass)

A malicious Maintainer could have leaked the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365...

GitLab < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-4365)

The version of GitLab installed on the remote host is prior to 15.5.7, 15.6.4, 15.7.2. It is, therefore, affected by an information disclosure vulnerability as referenced in the SECURITY-RELEASE-GITLAB-15-7-2-RELEASED advisory. - An issue has been discovered in GitLab CE/EE affecting all versions...

CVE-2022-4365

creationtimestamp| type| source ---|---|--- 2023-01-12 07:30:05+00:00| seen| https://t.me/cibsecurity/56412 2023-09-01 14:13:47+00:00| seen| https://t.me/cibsecurity/69621 2025-05-23 04:46:53+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17370...

CVE-2022-4365

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error...

CVE-2022-4365

GitLab CE/EE is affected by CVE-2022-4365 and CVE-2023-4378: a malicious Maintainer can leak the Sentry token by changing the URL in the Sentry error tracking settings. Affected are GitLab versions starting from 11.8 up to 15.5.7, 15.6 up to 15.6.4, and 15.7 up to 15.7.2. The issue stems from an ...