ByteOS Network

Vulnerability Details :

CVE-2022-3293

Assigner-GitLab

Assigner Org ID-ceab7361-8a18-47b1-92ba-4d7d25f6715a

Published At-17 Oct, 2022 | 00:00

Updated At-13 May, 2025 | 15:39

Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:GitLab

Assigner Org ID:ceab7361-8a18-47b1-92ba-4d7d25f6715a

Published At:17 Oct, 2022 | 00:00

Updated At:13 May, 2025 | 15:39

▼CVE Numbering Authority (CNA)

Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1

Affected Products

Vendor

GitLab Inc.

Product

GitLab

Versions

Affected

>=9.3, <15.2.5
>=15.3, <15.3.4
>=15.4, <15.4.1

Problem Types

Type	CWE ID	Description
text	N/A	Information exposure in GitLab

Type: text

CWE ID: N/A

Description: Information exposure in GitLab

Metrics

Version	Base score	Base severity	Vector
3.1	3.5	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Version: 3.1

Base score: 3.5

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Credits

This vulnerability has been discovered internally by the GitLab team

References

Hyperlink	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/369008	N/A
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json	N/A

Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/369008

Resource: N/A

Hyperlink: https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/369008	x_transferred
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json	x_transferred

Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/369008

Resource:

x_transferred

Hyperlink: https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json

Resource:

x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-532	CWE-532 Insertion of Sensitive Information into Log File

Type: CWE

CWE ID: CWE-532

Description: CWE-532 Insertion of Sensitive Information into Log File

Metrics Other Info

References

Hyperlink	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/369008	exploit

Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/369008

Resource:

exploit

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@gitlab.com

Published At:17 Oct, 2022 | 16:15

Updated At:13 May, 2025 | 16:15

Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	3.5	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Primary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 3.5

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Type: Primary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CPE Matches

GitLab Inc.

>>gitlab>>Versions from 9.3(inclusive) to 15.2.5(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

GitLab Inc.

>>gitlab>>Versions from 15.3(inclusive) to 15.3.4(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

GitLab Inc.

>>gitlab>>Versions from 15.4(inclusive) to 15.4.1(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-532	Primary	nvd@nist.gov
CWE-532	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-532

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-532

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json	cve@gitlab.com	Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/369008	cve@gitlab.com	Broken Link Vendor Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/369008	af854a3a-2127-422b-91ae-364da2661108	Broken Link Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/369008	134c704f-9b21-4f2e-91b3-4a467353bcc0	Broken Link Vendor Advisory

Hyperlink: https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json

Source: cve@gitlab.com

Resource:

Vendor Advisory

Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/369008

Source: cve@gitlab.com

Resource:

Broken Link

Vendor Advisory

Hyperlink: https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3293.json

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/369008

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Broken Link

Vendor Advisory

Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/369008

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource:

Broken Link

Vendor Advisory

Similar CVEs

205Records found

CVE-2024-23677

Matching Score-4

Assigner-Splunk Inc.

View Details

Matching Score-4

Assigner-Splunk Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.30% / 52.76%

7 Day CHG~0.00%

Published-22 Jan, 2024 | 20:37

Updated-28 Feb, 2025 | 11:03

Server Response Disclosure in RapidDiag Salesforce.com Log File

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.

Vendor-Splunk LLC (Cisco Systems, Inc.)

Product-cloud splunk Splunk Cloud Splunk Enterprise

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2024-22339

Matching Score-4

Assigner-IBM Corporation

View Details

Matching Score-4

Assigner-IBM Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.06% / 19.02%

7 Day CHG~0.00%

Published-12 Apr, 2024 | 16:51

Updated-29 Jan, 2025 | 21:27

IBM UrbanCode Deploy information disclosure

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979.

Vendor-IBM Corporation

Product-devops_deploy urbancode_deploy UrbanCode Deploy DevOps Deploy

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2024-13416

Matching Score-4

Assigner-Axis Communications AB

View Details

Matching Score-4

Assigner-Axis Communications AB

CVSS Score-4.3||MEDIUM

EPSS-0.06% / 18.63%

7 Day CHG~0.00%

Published-06 Feb, 2025 | 19:09

Updated-21 Feb, 2025 | 12:15

Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS.

Vendor-2N

Product-2N OS

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2021-27019

Matching Score-4

Assigner-Perforce

View Details

Matching Score-4

Assigner-Perforce

CVSS Score-4.3||MEDIUM

EPSS-0.20% / 42.71%

7 Day CHG~0.00%

Published-30 Aug, 2021 | 17:56

Updated-03 Aug, 2024 | 20:40

PuppetDB logging included potentially sensitive system information.

Vendor-n/a Perforce Software, Inc. ("Puppet")

Product-puppet_enterprise puppetdb PuppetDB, Puppet Enterprise

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2021-1226

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.22% / 45.11%

7 Day CHG~0.00%

Published-13 Jan, 2021 | 21:16

Updated-12 Nov, 2024 | 20:48

Cisco Unified Communications Products Information Disclosure Vulnerability

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

Vendor-Cisco Systems, Inc.

Product-unity_connection unified_communications_manager prime_license_manager unified_communications_manager_im_\&_presence_service emergency_responder Cisco Emergency Responder

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2022-3293

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs