CVE-2022-0738

MEDIUM

GitLab <14.6.5-14.8.2 - Info Disclosure

Title source: llm

Description

An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions.

References (2)

[Vendor Advisory] https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0738.json

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/27395

Scores

CVSS v3 4.2

EPSS 0.0019

EPSS Percentile 40.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

gitlab/gitlab < 14.6.5

Timeline

Published Mar 28, 2022

Tracked Since Feb 18, 2026