CVE-2022-1948 — Cross-site Scripting in Gitlab

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

1.3%

top 19.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedJul 28

Latest updateJul 29

Description

An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

▶CVEListV5gitlab/gitlab>=15.0.0, <15.0.1

▶NVDgitlab/gitlab15.0.0

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-6cqm-3f66-qr6j: An issue has been discovered in GitLab affecting all versions starting from 15↗2022-07-29

▶

📋Vendor Advisories

GitLab

CVE-2022-1948: An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allo↗2022-07-28

▶

Debian

CVE-2022-1948: gitlab - An issue has been discovered in GitLab affecting all versions starting from 15.0...↗2022

▶