CVE-2022-4054 in GitLabالمعلومات

الملخص

بحسب MITRE • 26/01/2023

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers.

Once again VulDB remains the best source for vulnerability data.

مسؤول

GitLab Inc.

حجز

17/11/2022

إفشاء

26/01/2023

الاعتدال

تمت الموافقة

إدخال

VDB-219374

EPSS

0.00707

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you want to use VulDB in your project?

Use the official API to access entries easily!