CVE-2022-3902

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks.
References
Link Resource
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3902.json Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/381895 Exploit Issue Tracking Vendor Advisory
https://hackerone.com/reports/1757999 Permissions Required Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:15.6.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.6.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Information

Published : 2023-01-26 13:16

Updated : 2023-02-01 09:22


NVD link : CVE-2022-3902

Mitre link : CVE-2022-3902


JSON object : View

Advertisement

dedicated server usa

Products Affected

gitlab

  • gitlab