Information disclosure vulnerability in GitLab CE/EE - CVE-2022-3018 (rpm)| ID: oval:org.secpod.oval:def:85351 | Date: (C)2022-11-07 (M)2023-08-16 |
| Class: VULNERABILITY | Family: unix |
The host is installed with GitLab CE/EE 9.3 before 15.2.5, 15.3 before 15.3.4 or 15.4 before 15.4.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle issues in webhook logs. Successful exploitation allows a project maintainer to access the DataDog integration API key.
| Product: |
| gitlab-ce |
| gitlab-ee |
