FreeBSD: VID-3a023570-91ab-11ed-8950-001b217b3468 (CVE-2022-4365): Gitlab -- Multiple Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:M/C:P/I:P/A:N) | Jan 11, 2023 | Jan 12, 2023 | Mar 25, 2026 |
Description
Gitlab reports:

- Race condition on gitlab.com enables verified email forgery and third-party account hijacking
- DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint
- Maintainer can leak sentry token by changing the configured URL
- Maintainer can leak masked webhook secrets by changing target URL of the webhook
- Cross-site scripting in wiki changes page affecting self-hosted instances running without strict CSP
- Group access tokens continue to work after owner loses ability to revoke them
- Users' avatar disclosure by user ID in private GitLab instances
- Arbitrary Protocol Redirection in GitLab Pages
- Regex DoS due to device-detector parsing user agents
- Regex DoS in the Submodule Url Parser
Solution
freebsd-upgrade-package-gitlab-ce