CVE-2022-4289

Published Mar 9, 2023

Last updated 6 months ago

CVSS medium 4.3

Overview

Description: An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users.
Source: cve@gitlab.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39FEEA34-7A45-4354-A7CD-F3ED9ACFD961",
            "versionEndExcluding": "15.7.8",
            "versionStartIncluding": "15.3.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEFE1317-54AD-437B-AD1B-26E4F0FBFDDA",
            "versionEndExcluding": "15.7.8",
            "versionStartIncluding": "15.3.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE6EB324-C51D-4653-9CD4-6BB5100F0BC1",
            "versionEndExcluding": "15.8.4",
            "versionStartIncluding": "15.8.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB9FE3DB-595E-413B-BE25-2181038A6B96",
            "versionEndExcluding": "15.8.4",
            "versionStartIncluding": "15.8.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22AC1EB0-2D0F-4839-934F-847C5265F469",
            "versionEndExcluding": "15.9.2",
            "versionStartIncluding": "15.9.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FD1CDF6-AD2F-462B-B9DB-3071F4B61396",
            "versionEndExcluding": "15.9.2",
            "versionStartIncluding": "15.9.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References