CVE-2022-3381 — Open Redirect in Gitlab

CWE-601 — Open Redirect5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.5%

top 32.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedMar 9

Description

An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶NVDgitlab/gitlab10.0.0 — 15.7.8+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=10.0, <15.7.8, >=15.8, <15.8.4, >=15.9, <15.9.2+2

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-xpwh-4xmj-5wrc: An issue has been discovered in GitLab affecting all versions starting from 10↗2023-03-09

▶

OSV

CVE-2022-3381: An issue has been discovered in GitLab affecting all versions starting from 10↗2023-03-09

▶

📋Vendor Advisories

GitLab

CVE-2022-3381: An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted U↗2023-03-09

▶

Debian

CVE-2022-3381: gitlab - An issue has been discovered in GitLab affecting all versions starting from 10.0...↗2022

▶