icon

We found results for “

CVE-2022-0741

Date: April 1, 2022

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.

Severity Score

Severity Score

Weakness Type (CWE)

Improper Encoding or Escaping of Output

CWE-116

Input Validation

CWE-20

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us