CVE-2022-3291

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3291

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3291.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3291

Aliases

BIT-gitlab-2022-3291

Downstream

UBUNTU-CVE-2022-3291

Published

2022-10-17T16:15:22Z

Modified

2025-05-13T16:15:21Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3291.json
https://gitlab.com/gitlab-org/gitlab/-/issues/354299

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

1fdefb34741e329ede520eba6c3038eb48bfa191

Fixed

0b24f0547393a5606b1ec7e4e31cfeab4bce5cab