Unrated severityNVD Advisory· Published Oct 17, 2022· Updated May 13, 2025

CVE-2022-3291

Description

Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache

Affected products

GitLab Inc./CE/EEllm-fuzzy
Range: >=14.9, <15.2.5 || >=15.3, <15.3.4 || >=15.4, <15.4.1
osv-coords
pkg:bitnami/gitlab
Range: >= 14.9.0, < 15.2.5
GitLab Inc./GitLabv5
Range: >=14.9, <15.2.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3291.jsonmitre
gitlab.com/gitlab-org/gitlab/-/issues/354299mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000