CVE-2022-4376

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-4376

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4376.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-4376

Aliases

BIT-gitlab-2022-4376

Downstream

UBUNTU-CVE-2022-4376

Published

2023-05-03T00:00:00Z

Modified

2025-11-19T12:16:14.492378Z

Severity

3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

d836c22d87f6f0397b93cc72ce3af27a6dc02d93

Fixed

85a92396626cc698a65afd57df80298d3439fb87

Database specific

{
    "versions": [
        {
            "introduced": "15.2"
        },
        {
            "fixed": "15.9.6"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

defe6e7f8821c58e67a2e909ef8d36463d76e7e8

Fixed

979ce9cea3e92eb0714de8ff4f6ae98488b03175

Database specific

{
    "versions": [
        {
            "introduced": "15.10"
        },
        {
            "fixed": "15.10.5"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

4dce6bc3728f63bc9086ff3088cda7527f6f0bec

Fixed

59859b264764a06096c15459ea93f581515f112e

Database specific

{
    "versions": [
        {
            "introduced": "15.11"
        },
        {
            "fixed": "15.11.1"
        }
    ]
}

Affected versions

v15.*

v15.10.0-ee

v15.10.1-ee

v15.10.2-ee

v15.10.3-ee

v15.10.4-ee

v15.11.0-ee