CVE Vulnerability

CVE-2022-3351

An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks.

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/364266 Broken Link Vendor Advisory
https://hackerone.com/reports/1446022 Permissions Required Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3351.json Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Information

Published : 2022-10-17 04:15

Updated : 2022-10-20 02:28

NVD link : CVE-2022-3351

Mitre link : CVE-2022-3351

Products Affected
No products.
CWE
CWE-200