CVE-2022-3902
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-3902
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3902.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-3902
- Aliases
- Related
- Published
- 2023-01-26T21:16:02Z
- Modified
- 2025-04-02T17:17:15.780976Z
- Severity
-
- 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks.
- References
Affected packages
Git / gitlab.com/gitlab-org/gitlab
Affected versions
Other
11-10-0cfa69752d8-0d9531c80-ee
11-10-0cfa69752d8-74ffd66ae-ee
11-10-119f9509d50-6d7537235-ee
v10.*
v10.1.0.pre
v10.2.0.pre
v10.3.0.pre
v10.4.0.pre
v10.5.0.pre
v10.6.0.pre
v10.7.0.pre
v10.8.0.pre
v10.9.0.pre
v11.*
v11.0.0.pre
v11.1.0.pre
v11.2.0.pre
v11.3.0.pre
v15.*
v15.4.0-ee
v15.4.0-rc42-ee
v15.4.0-rc43-ee
v15.4.1-ee
v15.4.2-ee
v15.4.3-ee
v15.4.4-ee
v15.4.5-ee
v6.*
v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.2.1
v6.2.2
v6.3.0-ee
v6.3.1-ee
v6.4.0-ee
v6.4.1
v6.4.2
v6.4.3
v6.5.0-ee
v6.5.1
v6.6.0-ee
v6.6.1
v6.6.2
v6.7.0-ee
v6.7.0.rc1-ee
v6.7.1
v6.7.2
v6.8.0-ee
v6.8.1
v7.*
v7.0.0-ee
v7.1.0-ee
v7.1.0.rc1-ee
v7.2.0.rc1-ee
v7.2.0.rc2-ee
v7.2.0.rc3-ee
v7.2.0.rc4-ee
v7.2.0.rc5-ee
v7.3.0-ee
v7.3.0.rc1-ee
v7.4.0-ee
v7.4.1-ee
v7.4.2-ee
v7.4.3-ee
v7.4.4-ee
v8.*
v8.11.0
v8.11.0-ee
v8.11.0-rc1
v8.11.0-rc1-ee
v8.11.0-rc2
v8.11.0-rc2-ee
v8.11.0-rc3
v8.11.0-rc3-ee
v8.11.0-rc4
v8.11.0-rc4-ee
v8.11.0-rc5
v8.11.0-rc5-ee
v8.11.0-rc6
v8.11.0-rc6-ee
v8.11.0-rc7
v8.11.0-rc7-ee
v8.11.1
v8.12.0
v8.12.0-ee
v8.12.0-rc1
v8.12.0-rc1-ee
v8.12.0-rc2
v8.12.0-rc2-ee
v8.12.0-rc3
v8.12.0-rc3-ee
v8.12.0-rc4
v8.12.0-rc4-ee
v8.12.0-rc5
v8.12.0-rc5-ee
v8.12.0-rc6
v8.12.0-rc6-ee
v8.12.0-rc7
v8.12.0-rc7-ee
v8.12.0.pre
v8.12.1
v8.12.1-ee
v8.12.2
v8.12.2-ee
v8.12.3-ee
v8.2.0-ee
v8.2.0.rc1
v8.2.0.rc1-ee
v8.2.0.rc2
v8.2.0.rc2-ee
v8.8.0
v8.8.0-ee
v8.8.0-rc1
v8.8.0-rc1-ee
v8.8.0-rc2
v8.8.0-rc2-ee
v8.8.1-ee
v9.*
v9.3.0.pre
v9.5.0.pre
v9.6.0.pre