CVE-2022-3486
Published: 2022-11-09
Priority: P427 · medium · 6.1 (CVSS 3.1)
EPSS: 0.72% (49.5th percentile)
An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 15.4.0 < 15.4.4 | 15.4.4 |
| gitlab | gitlab | >= 15.5.0 < 15.5.2 | 15.5.2 |
| gitlab | gitlab | >= 9.4.0 < 15.3.5 | 15.3.5 |
| gitlab | gitlab_ee | — | — |
CVSS provenance
- nvd (v3.1): 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- osv: 6.1 MEDIUM
- vendor_debian: 4.7 MEDIUM
Sources
- GitLab (vendor_gitlab · 2022-11-09 · CVSS 4.7 · MEDIUM · CWE-601): CVE-2022-3486, description as above.
- Debian (vendor_debian · 2022 · CVSS 4.7 · MEDIUM): CVE-2022-3486 for package gitlab, description as above. Scope: local. sid: resolved (fixed in 15.10.8+ds1-2).
- GHSA (ghsa_unreviewed · 2022-11-10 · MEDIUM · CWE-601): GHSA-m9gh-48vw-5j3h, description as above.
- OSV (osv · 2022-11-09 · CVSS 6.1 · MEDIUM): CVE-2022-3486, description as above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/377810
- https://hackerone.com/reports/1725190
Published: 2022-11-09