Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-du8z-6hwa-r3cz

Summary An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users.

Aliases

alias	CVE-2022-4289

Fixed_packages

url	pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl	pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4289

reference_id

reference_type

scores

value	0.02377
scoring_system	epss
scoring_elements	0.84923
published_at	2026-04-02T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.8494
published_at	2026-04-04T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.84945
published_at	2026-04-07T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.84968
published_at	2026-04-08T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.84975
published_at	2026-04-09T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.8499
published_at	2026-04-11T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.84989
published_at	2026-04-12T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.84985
published_at	2026-04-13T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.85005
published_at	2026-04-16T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.85007
published_at	2026-04-18T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.85004
published_at	2026-04-21T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.85029
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4289

Weaknesses

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-du8z-6hwa-r3cz

Vulnerability Instance