CVE-2022-4462
First published: Thu Mar 09 2023(Updated: )
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=12.8.0<15.7.8 | |
| GitLab | >=12.8.0<15.7.8 | |
| GitLab | >=15.8.0<15.8.4 | |
| GitLab | >=15.8.0<15.8.4 | |
| GitLab | >=15.9.0<15.9.2 | |
| GitLab | >=15.9.0<15.9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-4462?
CVE-2022-4462 is classified as a medium severity vulnerability.
How do I fix CVE-2022-4462?
To fix CVE-2022-4462, you should upgrade GitLab to version 15.7.8 or later, or upgrade to version 15.8.4 or later, or 15.9.2 or later.
Who is affected by CVE-2022-4462?
CVE-2022-4462 affects all GitLab versions starting from 12.8 before 15.7.8, 15.8 before 15.8.4, and 15.9 before 15.9.2.
What can attackers do with CVE-2022-4462?
Attackers can exploit CVE-2022-4462 to unmask the Discord Webhook URL by viewing the raw API response.
Is CVE-2022-4462 limited to a specific edition of GitLab?
No, CVE-2022-4462 affects both the Community and Enterprise editions of GitLab.
- agent/type
- agent/references
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/12.8.0
- version/gitlab/15.8.0
- version/gitlab/15.9.0