CVE-2022-4289

MEDIUM

GitLab <15.7.8-15.9.2 - Info Disclosure

Title source: llm

Description

An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in the Prometheus integration were not hidden and could be leaked from instance, group, or project settings to other users.

Scores

CVSS v3: 6.4
EPSS: 0.0254
EPSS Percentile: 85.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Details

Status: published
Products (1): gitlab/gitlab 15.3.0 - 15.7.8 (2 CPE variants)
Published: Mar 09, 2023
Tracked Since: Feb 18, 2026