CVE-2022-3375

EPSS 0.43%
Veröffentlicht 05.04.2023 20:15:07
Zuletzt bearbeitet 10.02.2025 22:15:30
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ Gitlab SwEditioncommunity Version >= 11.10.0 < 15.8.5

Gitlab ≫ Gitlab SwEditionenterprise Version >= 11.10.0 < 15.8.5

Gitlab ≫ Gitlab SwEditioncommunity Version >= 15.9.0 < 15.9.4

Gitlab ≫ Gitlab SwEditionenterprise Version >= 15.9.0 < 15.9.4

Gitlab ≫ Gitlab Version15.10.0 SwEditioncommunity

Gitlab ≫ Gitlab Version15.10.0 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.619

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cve@gitlab.com	3.1	1.6	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-535 Exposure of Information Through Shell Error Message

A command shell error message indicates that there exists an unhandled exception in the web application code. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/376041

Broken Link

https://hackerone.com/reports/1710533

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2022-3375

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3375

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3375

EUVD