An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/376041 | Broken Link |
https://hackerone.com/reports/1710533 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
12 Apr 2023, 19:25
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:15.10.0:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:15.10.0:*:*:*:community:*:*:* |
|
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/376041 - Broken Link | |
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json - Vendor Advisory | |
References | (MISC) https://hackerone.com/reports/1710533 - Permissions Required | |
CWE | NVD-CWE-noinfo | |
First Time |
Gitlab
Gitlab gitlab |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.7 |
05 Apr 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-05 20:15
Updated : 2023-12-10 15:01
NVD link : CVE-2022-3375
Mitre link : CVE-2022-3375
CVE.ORG link : CVE-2022-3375
JSON object : View
Products Affected
gitlab
- gitlab
CWE