Vulnerability Description
Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1
CVSS Score
3.5
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 9.3, < 15.2.5 |
Related Weaknesses (CWE)
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/369008Broken LinkVendor Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/369008Broken LinkVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/369008Broken LinkVendor Advisory
FAQ
What is CVE-2022-3293?
CVE-2022-3293 is a vulnerability with a CVSS score of 3.5 (LOW). Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1
How severe is CVE-2022-3293?
CVE-2022-3293 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-3293?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.