CVE-2022-2534
First published: Fri Aug 05 2022(Updated: )
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=9.3.0<15.0.5 | |
| GitLab | >=15.1.0<15.1.4 | |
| GitLab | =15.2 | |
| GitLab | >=9.3.0<15.0.5 | |
| GitLab | >=15.1.0<15.1.4 | |
| GitLab | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-2534?
CVE-2022-2534 has a severity that may impact user privacy due to unauthorized disclosure of contributor emails.
How do I fix CVE-2022-2534?
To remediate CVE-2022-2534, upgrade GitLab to version 15.0.5, 15.1.4, or 15.2.1 or later.
What versions are affected by CVE-2022-2534?
CVE-2022-2534 affects all GitLab versions starting from 9.3 before 15.0.5, from 15.1 before 15.1.4, and from 15.2 before 15.2.1.
What kind of vulnerability is CVE-2022-2534?
CVE-2022-2534 is a data handling issue in the GitLab Datadog integration that leads to potential leakage of contributor emails.
Is CVE-2022-2534 applicable to both GitLab CE and EE?
Yes, CVE-2022-2534 affects both GitLab Community Edition (CE) and Enterprise Edition (EE).
- agent/references
- agent/type
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/9.3.0
- version/gitlab/15.1.0
- version/gitlab/15.2