vulnerability
FreeBSD: VID-f7c5b3a9-b9fb-11ed-99c6-001b217b3468 (CVE-2022-4289): Gitlab -- Multiple Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:S/C:P/I:P/A:N) | Mar 3, 2023 | Mar 5, 2023 | Dec 10, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:N)
Published
Mar 3, 2023
Added
Mar 5, 2023
Modified
Dec 10, 2025
Description
Gitlab reports: Stored XSS via Kroki diagram Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings Improper validation of SSO and SCIM tokens while managing groups Maintainer can leak Datadog API key by changing Datadog site Clipboard based XSS in the title field of work items Improper user right checks for personal snippets Release Description visible in public projects despite release set as project members only Group integration settings sensitive information exposed to project maintainers Improve pagination limits for commits Gitlab Open Redirect Vulnerability Maintainer may become an Owner of a project
Solution
freebsd-upgrade-package-gitlab-ce
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.