PT-2022-13006 · Gitlab · Gitlab

Published 2022-07-01 · Updated 2024-03-06 · CVE-2022-0167

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

GitLab versions 14.0 through 14.4.5
GitLab versions 14.5.0 through 14.5.3
GitLab versions 14.6.0 through 14.6.2

Description

An issue has been discovered in GitLab where the Autocomplete attribute of fields related to sensitive information was not disabled, making it possible to retrieve this information under certain conditions.

Recommendations

For versions 14.0 through 14.4.5, update to version 14.4.5 or later.
For versions 14.5.0 through 14.5.3, update to version 14.5.3 or later.
For versions 14.6.0 through 14.6.2, update to version 14.6.2 or later.
As a temporary workaround, consider disabling the Autocomplete attribute for fields related to sensitive information until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-GITLAB-2022-0167
CVE-2022-0167

Affected Products

Gitlab