CVE-2022-4255
5.3
MEDIUM
CVSS 3.1
EPSS 0.14%
Description
An information leak was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1, which exposes a user's email ID through the webhook payload.
How to fix CVE-2022-4255
To remediate CVE-2022-4255, upgrade the affected package to a fixed version below.
- Bitnami/gitlab: upgrade to 15.4.6 or later (per the affected ranges, the 15.5 line is fixed in 15.5.5 and the 15.6 line in 15.6.1)
Is CVE-2022-4255 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 13.7.0, < 15.4.6; >= 15.5.0, < 15.5.5; >= 15.6.0, < 15.6.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |