CVE-2022-3291

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3291

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3291.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3291

Aliases

BIT-gitlab-2022-3291

Downstream

UBUNTU-CVE-2022-3291

Published

2022-10-17T00:00:00Z

Modified

2025-12-08T04:02:20.260895Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache

Database specific

{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3291.json"
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

1fdefb34741e329ede520eba6c3038eb48bfa191

Fixed

0b24f0547393a5606b1ec7e4e31cfeab4bce5cab

Database specific

{
    "versions": [
        {
            "introduced": "14.9"
        },
        {
            "fixed": "15.2.5"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

b189ba070558de141d90142340de25bd3edcbefc

Fixed

9c6bb746bd31413e3310bacd1ac5710d20aa32c0

Database specific

{
    "versions": [
        {
            "introduced": "15.3"
        },
        {
            "fixed": "15.3.4"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

abbda55531f0a9d630eee1dcf2305ca499c94116

Fixed

7b2ed8f038f6184c0485cdae8d97c9f579454ffc

Database specific

{
    "versions": [
        {
            "introduced": "15.4"
        },
        {
            "fixed": "15.4.1"
        }
    ]
}

Affected versions

v15.*

v15.3.0-ee

v15.3.1-ee

v15.3.2-ee

v15.3.3-ee

v15.4.0-ee