{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T17:20:28.419","vulnerabilities":[{"cve":{"id":"CVE-2022-4365","sourceIdentifier":"cve@gitlab.com","published":"2023-01-12T04:15:10.750","lastModified":"2025-04-08T14:15:29.727","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page."},{"lang":"es","value":"Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 11.8 anteriores a 15.5.7, todas las versiones desde 15.6 anteriores a 15.6.4, todas las versiones desde 15.7 anteriores a 15.7.2. Un mantenedor malicioso puede filtrar el token de centinela cambiando la URL configurada en la pĆ”gina de configuraciĆ³n de seguimiento de errores de Sentry."}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"11.8.0","versionEndExcluding":"15.5.7","matchCriteriaId":"B085B23E-9BFE-471C-9A53-33D9643CCD29"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"11.8.0","versionEndExcluding":"15.5.7","matchCriteriaId":"134A816F-B6D8-448C-925F-829B908216F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"15.6.0","versionEndExcluding":"15.6.4","matchCriteriaId":"D184F043-F506-415D-BAC5-03E8A7334E78"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"15.6.0","versionEndExcluding":"15.6.4","matchCriteriaId":"D82CADBB-B082-4757-B16A-48AA5E3CC54E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"15.7.0","versionEndExcluding":"15.7.2","matchCriteriaId":"5482B6DC-FA6C-49AA-93FD-AA7EE9B3E39B"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"15.7.0","versionEndExcluding":"15.7.2","matchCriteriaId":"B9242DBC-C1C9-4B96-970E-E1ECB2F3B2AA"}]}]}],"references":[{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4365.json","source":"cve@gitlab.com","tags":["Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/385193","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/1792626","source":"cve@gitlab.com","tags":["Permissions Required","Third Party Advisory"]},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4365.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/385193","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/1792626","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Third Party Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/385193","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Broken Link"]}]}}]}