{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-3375","assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","assignerShortName":"GitLab","dateUpdated":"2025-02-10T21:11:02.636Z","dateReserved":"2022-09-30T00:00:00.000Z","datePublished":"2023-04-05T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab","dateUpdated":"2023-04-05T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private."}],"affected":[{"vendor":"GitLab","product":"GitLab","versions":[{"version":">=11.10, <15.8.5","status":"affected"},{"version":">=15.9, <15.9.4","status":"affected"},{"version":">=15.10, <15.10.1","status":"affected"}]}],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/376041"},{"url":"https://hackerone.com/reports/1710533"},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json"}],"credits":[{"lang":"en","value":"Thanks [shells3c](https://hackerone.com/shells3c) for reporting this vulnerability through our HackerOne bug bounty program"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.1,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Information exposure through an error message in GitLab"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T01:07:06.508Z"},"title":"CVE Program Container","references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/376041","tags":["x_transferred"]},{"url":"https://hackerone.com/reports/1710533","tags":["x_transferred"]},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-535","lang":"en","description":"CWE-535 Exposure of Information Through Shell Error Message"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-10T21:10:57.402815Z","id":"CVE-2022-3375","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-10T21:11:02.636Z"}}]}}