CVE-2022-4462

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-4462
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4462.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-4462
Aliases
Downstream
Published
2023-03-09T00:00:00Z
Modified
2025-12-04T12:26:22.624574Z
Severity
  • 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response.

Database specific 
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/4xxx/CVE-2022-4462.json"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
0bd32f788647bb832f3d9eb5746cbda5300e0fa2
Fixed
d7f0ac7432bb9ab3f10b7025dc5f9d5b3fe8c76e
Database specific 
{
    "versions": [
        {
            "introduced": "12.8"
        },
        {
            "fixed": "15.7.8"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
1d89c23c9f904e710e6e4ebdbc5bdd39cbb83717
Fixed
089019df22f87ccb9fff3ff3fe710f70f77084d3
Database specific 
{
    "versions": [
        {
            "introduced": "15.8"
        },
        {
            "fixed": "15.8.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
b107c0bae0871a67dee31ad8e52550d32c4afb66
Fixed
d80458522dd70245b7e0b9f1297f1dd227ebc10a
Database specific 
{
    "versions": [
        {
            "introduced": "15.9"
        },
        {
            "fixed": "15.9.2"
        }
    ]
}

Affected versions

v15.*

v15.8.0-ee
v15.8.1-ee
v15.8.2-ee
v15.8.3-ee
v15.9.0-ee
v15.9.1-ee