CVE-2022-0741

High

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables…

GitLab·CWE-116·Published 2022-04-01

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

177 chars

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.

NVDen

177 chars

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.

Una comprobación de entrada inapropiada en todas las versiones de GitLab CE/EE usando sendmail para enviar correos electrónicos permitía a un atacante robar variables de entorno por medio de direcciones de correo electrónico especialmente diseñadas

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	5.8	—	—	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
3.1	Primary	cve.org	5.8	—	—	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
3.1	Secondary	NVD	5.8	1.3	4.0	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N