CVE-2022-2250
Published: 2022-07-01
Priority: P429 · medium · 6.1 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.52% (71.5th percentile)
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.
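The description names the bug class (CWE-601) but not the affected endpoint or parameter, so the following is an added, hypothetical example rather than GitLab's code or the fix GitLab shipped. It shows the naive "starts with a slash" check that produces open redirects, beside a hardened validator that only ever returns a same-origin path. The function names and the constructed inputs are assumptions; the inputs cover the bypasses a tester would try against any redirect parameter: protocol-relative `//host`, triple slash, backslash, and non-http schemes.

```ruby
require "uri"

# Naive "is this local?" check that many redirect handlers use. It accepts
# anything beginning with "/", so "//evil.example" passes and the browser
# resolves it as a protocol-relative URL to a foreign host (CWE-601).
def naive_local?(target)
  target.to_s.start_with?("/")
end

# Hardened replacement (hypothetical helper, not GitLab's). Returns a
# path-only string (path, query, fragment) suitable for redirect_to, or
# +fallback+ when the target could leave the origin. Assumes the app only
# redirects within its own origin, so absolute URLs are rejected outright
# rather than allow-listed.
def safe_redirect_path(target, fallback: "/")
  s = target.to_s
  return fallback if s.empty?
  # Control characters and whitespace: browsers strip some of them, which can
  # turn a rejected string into an accepted one after the check has run.
  return fallback if s.match?(/[\x00-\x20\x7f]/)
  # Browsers treat "\" as "/" in http(s) URLs, so "/\evil.example" becomes "//evil.example".
  return fallback if s.include?("\\")
  # Two or more leading slashes is a network-path reference to another host.
  return fallback if s.start_with?("//")
  uri = begin
    URI.parse(s)
  rescue URI::InvalidURIError
    return fallback
  end
  # Any scheme or authority component means this is not a bare path: rejects
  # "https://evil.example", "javascript:alert(1)", "mailto:x", and so on.
  return fallback if uri.scheme || uri.host || uri.userinfo || uri.port
  path = uri.path.to_s
  return fallback unless path.start_with?("/")
  out = path
  out += "?#{uri.query}" if uri.query
  out += "##{uri.fragment}" if uri.fragment
  out
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs, not values from the advisory.
  ["/dashboard?tab=1", "//evil.example", "///evil.example",
   "/\\evil.example", "https://evil.example/", "javascript:alert(1)"].each do |t|
    puts "#{t.inspect}: naive=#{naive_local?(t)} safe=#{safe_redirect_path(t).inspect}"
  end
end
```

The hardened version deliberately rebuilds the path from parsed components instead of returning the raw string, so anything the parser did not classify as path, query or fragment is dropped rather than passed through.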
Affected
10 ranges indexed; the 6 entries (5 for gitlab/gitlab, 1 for gitlab/gitlab_ee) that carry no version or fix data are omitted below.

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < 15.10.8+ds1-2 (sid) | 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | >= 11.1.0 < 14.0.5 | 14.0.5 |
| gitlab | gitlab | >= 11.1.0 < 14.10.5 | 14.10.5 |
| gitlab | gitlab | >= 15.0.0 < 15.0.4 | 15.0.4 |

Caveat: the range data does not fully agree with the advisory text. The description also lists 15.1 prior to 15.1.1, which no row carries, and the ">= 11.1.0 < 14.0.5" row does not match the 14.10.5 boundary the description gives. Use the description's fixed versions (14.10.5, 15.0.4, 15.1.1 or later on the respective branch) when deciding whether an instance is patched.
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| osv | — | 6.1 | MEDIUM | — |
| vendor_debian | — | 4.7 | MEDIUM | — |

The vendor score (4.7) is lower than NVD's 6.1; both rate the issue MEDIUM.
GHSA
GHSA-qhmc-hgm8-7h94 · ghsa_unreviewed · 2022-07-02 · MEDIUM · CWE-601
OSV
CVE-2022-2250 · osv · 2022-07-01 · CVSS 6.1 · MEDIUM
GitLab
CVE-2022-2250 · vendor_gitlab · 2022-07-01 · CVSS 4.7 · MEDIUM · CWE-601
Debian
CVE-2022-2250 (gitlab) · vendor_debian · 2022 · CVSS 4.7 · MEDIUM
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
All four sources carry the description quoted above verbatim.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2250.json
https://gitlab.com/gitlab-org/gitlab/-/issues/355509
https://hackerone.com/reports/1506126
Published: 2022-07-01