CVE-2022-1120

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/04/2022
Last modified:
11/04/2022

Description

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 14.7.7 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 14.7.7 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 14.8.0 (including) 14.8.5 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 14.8.0 (including) 14.8.5 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 14.9.0 (including) 14.9.2 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 14.9.0 (including) 14.9.2 (excluding)