CVE-2022-0283 — Open Redirect in Gitlab

CWE-601 — Open Redirect5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 63.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedMar 28

Latest updateMar 29

Description

An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the request to the attacker specified URL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶NVDgitlab/gitlab13.5 — 14.5.4+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=13.5, <14.5.4, >=14.6, <14.6.4, >=14.7, <14.7.1+2

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-9238-gwm5-6mm9: An issue has been discovered affecting GitLab versions prior to 13↗2022-03-29

▶

OSV

CVE-2022-0283: An issue has been discovered affecting GitLab versions prior to 13↗2022-03-28

▶

📋Vendor Advisories

GitLab

CVE-2022-0283: An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a↗2022-03-28

▶

Debian

CVE-2022-0283: gitlab - An issue has been discovered affecting GitLab versions prior to 13.5. An open re...↗2022

▶