PT-2022-12974 · Gitlab · Gitlab

Joaxcaron

Published

2022-01-18

Updated

2024-03-06

CVE-2022-0093

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab versions prior to 14.4.5 GitLab versions 14.5.0 through 14.5.3 GitLab versions 14.6.0 through 14.6.1

Description An issue has been discovered in GitLab that allows a user with an expired password to access sensitive information through RSS feeds.

Recommendations For versions prior to 14.4.5, update to version 14.4.5 or later. For versions 14.5.0 through 14.5.3, update to version 14.5.4 or later. For versions 14.6.0 through 14.6.1, update to version 14.6.2 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BIT-GITLAB-2022-0093

CVE-2022-0093

Affected Products

Gitlab

PT-2022-12974 · Gitlab · Gitlab

CVE-2022-0093

Related Identifiers

Affected Products

References · 11