CVE-2022-3291

MEDIUM

GitLab EE <15.2.5-15.4.1 - Info Disclosure

Title source: llm

Description

Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache

References (2)

[Vendor Advisory] https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3291.json

[Broken Link, Vendor Advisory] https://gitlab.com/gitlab-org/gitlab/-/issues/354299

Scores

CVSS v3 6.5

EPSS 0.0045

EPSS Percentile 63.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-502

Status published

Affected Products (1)

gitlab/gitlab < 15.2.5

Timeline

Published Oct 17, 2022

Tracked Since Feb 18, 2026