{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-4255","assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","assignerShortName":"GitLab","dateUpdated":"2025-03-27T20:17:04.693Z","dateReserved":"2022-12-01T00:00:00.000Z","datePublished":"2023-01-27T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab","dateUpdated":"2023-01-27T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload."}],"affected":[{"vendor":"GitLab","product":"GitLab","versions":[{"version":">=13.7, <15.4.6","status":"affected"},{"version":">=15.5, <15.5.5","status":"affected"},{"version":">=15.6, <15.6.1","status":"affected"}]}],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/373819"},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4255.json"}],"credits":[{"lang":"en","value":"This vulnerability has been discovered internally by the GitLab team"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Information exposure in GitLab"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T01:34:49.858Z"},"title":"CVE Program Container","references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/373819","tags":["x_transferred"]},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4255.json","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-noinfo Not enough information"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-27T20:16:57.832954Z","id":"CVE-2022-4255","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-27T20:17:04.693Z"}}]}}