CVE-2022-2534

An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/361654	Broken Link Vendor Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2534.json	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:15.2::::enterprise:::
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

Configuration 2 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:15.2::::community:::
	cpe:2.3:a:gitlab:gitlab:::::community:::*

Information

Published : 2022-08-05 09:15

Updated : 2022-08-11 08:27

NVD link : CVE-2022-2534

Mitre link : CVE-2022-2534

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

gitlab

gitlab

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/361654", "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/361654", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2534.json", "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2534.json", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-2534", "ASSIGNER": "cve@gitlab.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2022-08-05T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.1.4", "versionStartIncluding": "15.1.0"}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.0.5", "versionStartIncluding": "9.3.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.1.4", "versionStartIncluding": "15.1.0"}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.0.5", "versionStartIncluding": "9.3.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-11T15:27Z"}