What is the authoritative source for CVE-2022-4037?

CVE-2022-4037 (CVE-2022-4037) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVE-2022-4037EPSS p45.8%

CVE-2022-4037CVE-2022-4037

gitlab / gitlab

Description

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider.

Scoring

CVSS	6.4 ()
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS	0.64% probability of exploitation · percentile 45.8% · 2026-06-19T12:03:05Z
Last modified	2026-06-17

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.