PT-2022-13679 · Gitlab · Gitlab Ce/Ee+1

Published

2022-04-11

Updated

2024-03-06

CVE-2022-1157

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions prior to 14.7.7 GitLab CE/EE version 14.8 prior to 14.8.5 GitLab CE/EE version 14.9 prior to 14.9.2

Description The issue is related to missing sanitization of logged exception messages in GitLab CE/EE, which can cause potential sensitive values in invalid URLs to be logged.

Recommendations For versions prior to 14.7.7, update to version 14.7.7 or later. For version 14.8 prior to 14.8.5, update to version 14.8.5 or later. For version 14.9 prior to 14.9.2, update to version 14.9.2 or later.

Exploit

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

BIT-GITLAB-2022-1157

CVE-2022-1157

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2022-13679 · Gitlab · Gitlab Ce/Ee+1

CVE-2022-1157

Weakness Enumeration

Related Identifiers

Affected Products

References · 10