CVE-2022-3351

medium

Description

An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, and all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks.

References

https://hackerone.com/reports/1446022

https://gitlab.com/gitlab-org/gitlab/-/issues/364266

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3351.json

Details

Source: Mitre, NVD

Published: 2022-10-17

Updated: 2023-08-08

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Medium