Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2022-1157

Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged

  • Published: Apr 11, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-1157
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 2.4
  • AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 3.5
  • AV:N/AC:M/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
gitlab / gitlab 14.9.0 14.9.2
gitlab / gitlab 14.8.0 14.8.5
gitlab / gitlab - 14.7.7