CVE-2022-0741

Опубликовано: 01 апр. 2022

Источник: debian

Описание

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gitlab	fixed	14.6.5+ds1-1	experimental	package
gitlab	fixed	15.10.8+ds1-2		package

Примечания

https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/

Связанные уязвимости

CVE-2022-0741

CVSS3: 5.8

ubuntu

почти 4 года назад

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.

CVE-2022-0741

CVSS3: 5.8

nvd

почти 4 года назад

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.

GHSA-mqhw-j2hw-86ff

CVSS3: 7.5

github

почти 4 года назад

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.