An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4462.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/385669 | Broken Link |
https://hackerone.com/reports/1796210 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
15 Mar 2023, 16:36
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
First Time |
Gitlab gitlab
Gitlab |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4462.json - Vendor Advisory | |
References | (MISC) https://hackerone.com/reports/1796210 - Permissions Required | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/385669 - Broken Link | |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
09 Mar 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-09 20:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-4462
Mitre link : CVE-2022-4462
CVE.ORG link : CVE-2022-4462
JSON object : View
Products Affected
gitlab
- gitlab
CWE