CVE-2022-1413

MEDIUM

GitLab < 14.8.6 - Insufficiently Protected Credentials

Title source: rule

Description

Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface.

Scores

CVSS v3 5.4
EPSS 0.0021
EPSS Percentile 43.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N

Classification

CWE
CWE-522
Status published

Affected Products (4)

gitlab/gitlab < 14.8.6
gitlab/gitlab < 14.8.6
gitlab/gitlab
gitlab/gitlab

Timeline

Published May 19, 2022
Tracked Since Feb 18, 2026