CVE-2022-3280 — Open Redirect in Gitlab

CWE-601 — Open Redirect5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 62.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedNov 9

Latest updateNov 10

Description

An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

▶NVDgitlab/gitlab10.1.0 — 15.3.5+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=10.1, <15.3.5, >=15.4, <15.4.4, >=15.5, <15.5.2+2

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-28w5-8wm6-h27m: An open redirect in GitLab CE/EE affecting all versions from 10↗2022-11-10

▶

OSV

CVE-2022-3280: An open redirect in GitLab CE/EE affecting all versions from 10↗2022-11-09

▶

📋Vendor Advisories

GitLab

CVE-2022-3280: An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker t↗2022-11-09

▶

Debian

CVE-2022-3280: gitlab - An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3....↗2022

▶