An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in the Prometheus integration were not hidden and could be leaked from instance, group, or project settings to other users.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4289.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/384580 | Broken Link |
https://hackerone.com/reports/1780770 | Permissions Required |
https://security.netapp.com/advisory/ntap-20240415-0004/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitLab
Published: 2023-03-09T00:00:00
Updated: 2024-04-15T15:06:13.102577
Reserved: 2022-12-05T00:00:00
Link: CVE-2022-4289
NVD Information
Status: Modified
Published: 2023-03-09T21:15:10.777
Modified: 2024-05-14T11:53:22.947
Link: CVE-2022-4289
Redhat Information
No data.
CWE