FreeBSD: VID-3cde510a-7135-11ed-a28b-bff032704f00 (CVE-2022-3482): Gitlab -- Multiple Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Dec 1, 2022 | Dec 1, 2022 | Dec 10, 2025 |
Description
Gitlab reports:

- DAST API scanner exposes Authorization headers in vulnerabilities
- Group IP allow-list not fully respected by the Package Registry
- Deploy keys and tokens may bypass External Authorization service if it is enabled
- Repository import still allows to import 40 hexadecimal branches
- Webhook secret tokens leaked in webhook logs
- Maintainer can leak webhook secret token by changing the webhook URL
- Cross-site scripting in Jira Integration affecting self-hosted instances without strict CSP
- Release names visible in public projects despite release set as project members only
- Sidekiq background job DoS by uploading malicious NuGet packages
- SSRF in Web Terminal advertise_address
Solution
freebsd-upgrade-package-gitlab-ce