CVE-2022-2230 — Cross-site Scripting in Gitlab
Severity
4.8MEDIUMNVD
EPSS
0.5%
top 36.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 1
Latest updateJul 2
Description
A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7
Affected Packages5 packages
🔴Vulnerability Details
2GHSA▶
GHSA-q874-xrmj-fh8q: A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14↗2022-07-02
OSV▶
CVE-2022-2230: A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14↗2022-07-01
📋Vendor Advisories
2GitLab▶
CVE-2022-2230: A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior↗2022-07-01
Debian▶
CVE-2022-2230: gitlab - A Stored Cross-Site Scripting vulnerability in the project settings page in GitL...↗2022