CVE-2022-4376

An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

History

09 May 2023, 20:57

Type Values Removed Values Added
First Time Gitlab
Gitlab gitlab
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
References (MISC) https://hackerone.com/reports/1794713 - (MISC) https://hackerone.com/reports/1794713 - Permissions Required
References (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4376.json - (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4376.json - Third Party Advisory
References (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/385246 - (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/385246 - Broken Link
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

03 May 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-03 22:15

Updated : 2023-12-10 15:01


NVD link : CVE-2022-4376

Mitre link : CVE-2022-4376

CVE.ORG link : CVE-2022-4376


JSON object : View

Products Affected

gitlab

  • gitlab