4.3

CVE-2022-3351

An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitlab SwEditionenterprise Version >= 13.7.0 < 15.2.5
GitlabGitlab SwEditionenterprise Version >= 15.3 < 15.3.4
GitlabGitlab SwEditionenterprise Version >= 15.4 < 15.4.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.488
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cve@gitlab.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
https://hackerone.com/reports/1446022
Third Party Advisory
Permissions Required