Improper Data Handling in GitLab's Datadog Integration Leads to Disclosure of Contributor Emails

Improper Data Handling in GitLab's Datadog Integration Leads to Disclosure of Contributor Emails

CVE-2022-2534 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration.

Learn more about our Web Application Penetration Testing UK.