CVE-2022-3573
Published 2023-01-12
Priority: P278 · Severity: medium · CVSS 3.1 base score: 5.4
CVSS vector: AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 0.58% (43.5th percentile)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP.
Affected (10 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| abb | drive_composer | <= 2.8 | — |
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 15.4.0 < 15.5.7 | 15.5.7 |
| gitlab | gitlab | >= 15.6.0 < 15.6.4 | 15.6.4 |
| gitlab | gitlab | >= 15.7.0 < 15.7.2 | 15.7.2 |
| gitlab | gitlab_ce | — | — |
Detection & IOCs (extracted from sources)
- The attack vector targets the wiki changes page via improper filtering of query parameters; monitor HTTP requests to GitLab wiki changes endpoints containing unexpected or unsanitized query parameters as a potential XSS delivery mechanism.
- Exploitation is only possible on self-hosted GitLab instances running without a strict Content Security Policy (CSP). Instances with strict CSP enforced are not affected by this XSS vector.
- Affected versions: GitLab CE/EE >= 15.4 and < 15.5.7, >= 15.6 and < 15.6.4, >= 15.7 and < 15.7.2. Debian sid resolved the issue in version 15.10.8+ds1-2.
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| osv | 5.4 | MEDIUM | — |
| vulncheck | 5.4 | MEDIUM | — |
| vendor_debian | 5.4 | MEDIUM | — |
GHSA
GHSA-jwcg-x754-2vpg · ghsa_unreviewed · 2023-01-12 · CVE-2022-3573 · MEDIUM · CWE-79
OSV
CVE-2022-3573 · osv · 2023-01-12 · CVSS 5.4 · MEDIUM
VulnCheck
GitLab gitlab: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck · 2022 · CVE-2022-3573 · CVSS 5.4 · MEDIUM
Affected: GitLab gitlab
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://blog.xlab.qianxin.com/large-scale-botnet-airashi-en/
GitLab
CVE-2022-3573 · vendor_gitlab · 2023-01-12 · CVSS 5.4 · MEDIUM · CWE-79
Debian
CVE-2022-3573 (gitlab) · vendor_debian · 2022 · CVSS 5.4 · MEDIUM
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3573.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/378216
- https://hackerone.com/reports/1730461
Published: 2023-01-12 · Exploited in the wild