CVE-2022-1175
published 2022-04-04
Priority: P3 · 58 · medium · 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 82.00% (99.6th percentile)
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 14.4.0 < 14.8.6 | 14.8.6 |
| gitlab | gitlab | >= 14.4.0 < 14.7.7 | 14.7.7 |
| gitlab | gitlab | >= 14.8.0 < 14.8.5 | 14.8.5 |
| gitlab | gitlab | >= 14.9.0 < 14.9.4 | 14.9.4 |
| gitlab | gitlab | >= 14.9.0 < 14.9.2 | 14.9.2 |
| gitlab | gitlab_ce | — | — |
Detection & IOCs (extracted from sources)
- XSS payload injected via HTML in GitLab notes/issues: monitor for script injection patterns in note/issue creation requests targeting GitLab CE/EE.
- Stored XSS payload persists due to missing Markdown cache invalidation: even after patching CVE-2022-1175, cached payloads may still execute on unpatched CVE-2022-1433 instances.
- Attacker technique: abuse stored XSS in GitLab issues to silently create personal access tokens for backdooring accounts of users who visit the XSS page.
- Attacker technique: change project base URL to attacker-controlled site so that scripts are sourced from the attacker's server; monitor for unusual external script src domains in GitLab-rendered pages.
- Standard external script include also used as a stealthier delivery method depending on CSP policy; monitor for `<script src=>` tags pointing to external domains in GitLab note/issue content.
- Affected versions are GitLab CE/EE 14.4 before 14.7.7, 14.8 before 14.8.5, and 14.9 before 14.9.2; cached payloads from CVE-2022-1175 may persist and execute on instances affected by CVE-2022-1433 (14.4–14.8.5, 14.9–14.9.3, 14.10 before 14.10.1) even after the XSS fix is applied.
CVSS provenance
nvd · v3.1 · 6.1 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
osv · 6.1 · MEDIUM
vendor_debian · 8.7 · HIGH
GHSA
GHSA-jh26-hqr4-2cjg: An issue has been discovered in GitLab affecting all versions starting from 14
ghsa_unreviewed·2022-05-12·CVSS 8.7
CVE-2022-1433 [HIGH] CWE-79 GHSA-jh26-hqr4-2cjg: An issue has been discovered in GitLab affecting all versions starting from 14
An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute.
GHSA
GHSA-9fwv-mvpv-qrh4: Improper neutralization of user input in GitLab CE/EE versions 14
ghsa_unreviewed·2022-04-05
CVE-2022-1175 [MEDIUM] CWE-79 GHSA-9fwv-mvpv-qrh4: Improper neutralization of user input in GitLab CE/EE versions 14
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
OSV
CVE-2022-1175: Improper neutralization of user input in GitLab CE/EE versions 14
osv·2022-04-04·CVSS 6.1
CVE-2022-1175 [MEDIUM] CVE-2022-1175: Improper neutralization of user input in GitLab CE/EE versions 14
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
GitLab
CVE-2022-1433: An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all ver
vendor_gitlab·2022-05-11·CVSS 2.6
CVE-2022-1433 [HIGH] CWE-79 CVE-2022-1433: An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all ver
CVE-2022-1433: An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute.
GitLab
CVE-2022-1175: Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions startin
vendor_gitlab·2022-04-04·CVSS 8.7
CVE-2022-1175 [HIGH] CWE-79 CVE-2022-1175: Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions startin
CVE-2022-1175: Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
Debian
CVE-2022-1175: gitlab - Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7....
vendor_debian·2022·CVSS 8.7
CVE-2022-1175 [HIGH] CVE-2022-1175: gitlab - Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7....
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
Debian
CVE-2022-1433: gitlab - An issue has been discovered in GitLab affecting all versions starting from 14.4...
vendor_debian·2022·CVSS 8.7
CVE-2022-1433 [HIGH] CVE-2022-1433: gitlab - An issue has been discovered in GitLab affecting all versions starting from 14.4...
An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
- http://packetstormsecurity.com/files/166829/Gitlab-14.9-Cross-Site-Scripting.html
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1175.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/353370
- https://hackerone.com/reports/1481207