An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3902.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/381895 | Exploit Issue Tracking Vendor Advisory |
https://hackerone.com/reports/1757999 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2023-01-26 13:16
Updated : 2023-02-01 09:22
NVD link : CVE-2022-3902
Mitre link : CVE-2022-3902
JSON object : View
CWE
Products Affected
gitlab
- gitlab