CVE-2022-4376
First published: Wed May 03 2023(Updated: )
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=8.6.0<15.9.6 | |
| GitLab | >=15.10<15.10.5 | |
| GitLab | >=15.11<15.11.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-4376?
CVE-2022-4376 has been classified with a medium severity rating due to potential impact on user privacy.
How do I fix CVE-2022-4376?
To mitigate CVE-2022-4376, update your GitLab instance to version 15.9.6 or higher, 15.10.5 or higher, or 15.11.1 or higher.
Which GitLab versions are affected by CVE-2022-4376?
CVE-2022-4376 affects all GitLab versions prior to 15.9.6, between 15.10 and 15.10.5, and between 15.11 and 15.11.1.
What kind of attack does CVE-2022-4376 enable?
CVE-2022-4376 may allow an attacker to associate a private email address with a GitLab user account under certain conditions.
Is there any additional information available about CVE-2022-4376?
For more details, consult the GitLab security advisories or vulnerability reports related to CVE-2022-4376.
- collector/nvd-latest
- agent/type
- agent/references
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/8.6.0
- version/gitlab/15.10
- version/gitlab/15.11