GitLab 12.8 < 15.7.8 / 15.8 < 15.8.4 / 15.9 < 15.9.2 (CVE-2022-4462)
Discription

The version of GitLab installed on the remote host is 12.8 prior to 15.7.8, 15.8.4, 15.9.2. It is, therefore, affected by a vulnerability as referenced in the SECURITY-RELEASE-GITLAB-15-9-2-RELEASED advisory.

– An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response.
This is a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N, 5.0). It is now mitigated in the latest release and is assigned CVE-2022-4462. (CVE-2022-4462)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More

Back to Main

Subscribe for the latest news: