Medium severity6.4NVD Advisory· Published Mar 9, 2023· Updated Jun 17, 2026
CVE-2022-4289
CVE-2022-4289
Description
An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3>=15.3, <15.7.8 ; >=15.8, <15.8.4 ; >=15.9, <15.9.2+ 1 more
- (no CPE)range: >=15.3, <15.7.8 ; >=15.8, <15.8.4 ; >=15.9, <15.9.2
- (no CPE)range: >=15.3, <15.7.8
Patches
Vulnerability mechanics
References
4- gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4289.jsonnvdVendor Advisory
- gitlab.com/gitlab-org/gitlab/-/issues/384580nvdBroken Link
- hackerone.com/reports/1780770nvdPermissions Required
- security.netapp.com/advisory/ntap-20240415-0004/nvd
News mentions
0No linked articles in our index yet.