CVE-2022-1120 : What You Need to Know

A detailed overview of CVE-2022-1120, which affects GitLab versions before 14.7.7, 14.8 before 14.8.5, and 14.9 before 14.9.2: the vulnerability, its impact, and mitigation steps.

Understanding CVE-2022-1120

This CVE involves missing filtering in an error message in GitLab, potentially exposing sensitive information.

What is CVE-2022-1120?

An information exposure vulnerability in GitLab versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows sensitive data to be exposed when an include directive fails in the CI/CD configuration.

The Impact of CVE-2022-1120

With a CVSS base score of 4.8 (Medium severity), this vulnerability can lead to high confidentiality impact by revealing sensitive information.

Technical Details of CVE-2022-1120

Get insights into the vulnerability's description, affected systems, and exploitation mechanism.

Vulnerability Description

The vulnerability arises from missing error message filtering, leading to data exposure during CI/CD configuration failures.

Affected Systems and Versions

GitLab versions before 14.7.7, 14.8.x versions before 14.8.5, and 14.9.x versions before 14.9.2 are impacted by this vulnerability.
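To check an inventory of instances against these ranges, the following added example (not part of the original advisory or GitLab's own tooling) parses a reported version string and returns the first fixed release for its branch. The host names and versions in `INVENTORY` are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges as stated in the advisory text above:
# (inclusive lower bound, exclusive upper bound = first fixed release).
AFFECTED_RANGES = [
    ((0, 0, 0), (14, 7, 7)),   # all versions before 14.7.7
    ((14, 8, 0), (14, 8, 5)),  # 14.8 before 14.8.5
    ((14, 9, 0), (14, 9, 2)),  # 14.9 before 14.9.2
]

# Leading "v" and trailing suffixes such as "-ee" are ignored.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(raw):
    """Turn '14.8.2-ee' or 'v14.9' into a comparable (major, minor, patch) tuple."""
    match = _VERSION_RE.match(raw.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {raw!r}")
    return tuple(int(part) if part else 0 for part in match.groups())


def first_fixed_release(raw):
    """Return the first fixed release for an affected version, else None."""
    version = parse_version(raw)
    for low, high in AFFECTED_RANGES:
        if low <= version < high:
            return ".".join(str(n) for n in high)
    return None


def is_affected(raw):
    """True when the version falls inside one of the advisory's ranges."""
    return first_fixed_release(raw) is not None


# Constructed inventory (hypothetical host names and versions).
INVENTORY = {
    "gitlab-prod": "14.8.2-ee",
    "gitlab-stage": "14.9.2",
    "gitlab-legacy": "13.12.15",
    "gitlab-dev": "14.10.0-ee",
}

if __name__ == "__main__":
    for host, version in INVENTORY.items():
        fix = first_fixed_release(version)
        status = f"AFFECTED, upgrade to {fix} or later" if fix else "not affected"
        print(f"{host:14} {version:12} {status}")
```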

Exploitation Mechanism

Exploitation requires low privileges and user interaction. The attack complexity is rated HIGH and the attack vector is NETWORK.

Mitigation and Prevention

Learn how to address and prevent CVE-2022-1120 in your systems.

Immediate Steps to Take

Consider immediate actions to mitigate the vulnerability's risk and safeguard sensitive information.

Long-Term Security Practices

Implement robust security practices to enhance overall protection against similar vulnerabilities in the future.

Patching and Updates

Stay updated with GitLab's security patches and updates to address CVE-2022-1120 effectively.
