Описание
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342.
Ссылки
- Vendor Advisory
- Broken Link
- Permissions Required
- Vendor Advisory
- Broken Link
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
5.5 Medium
CVSS3
3.8 Low
CVSS3
Дефекты
Связанные уязвимости
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342.
An issue has been discovered in GitLab affecting versions starting fro ...
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342.
EPSS
5.5 Medium
CVSS3
3.8 Low
CVSS3