cbcvebase.
CVE-2022-3573
published 2023-01-12

Priority: P2 (78) · medium · 5.4 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 0.58% (43.5th percentile)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, and all versions starting from 15.7 before 15.7.2. Due to improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on self-hosted instances running without a strict CSP.

Affected

10 ranges

Vendor   Product         Version range             Fixed in
abb      drive_composer  <= 2.8                    (none listed)
debian   gitlab          < 15.10.8+ds1-2 (sid)     15.10.8+ds1-2 (sid)
gitlab   gitlab          (no range recorded)       (none listed)
gitlab   gitlab          (no range recorded)       (none listed)
gitlab   gitlab          (no range recorded)       (none listed)
gitlab   gitlab          (no range recorded)       (none listed)
gitlab   gitlab          >= 15.4.0, < 15.5.7       15.5.7
gitlab   gitlab          >= 15.6.0, < 15.6.4       15.6.4
gitlab   gitlab          >= 15.7.0, < 15.7.2       15.7.2
gitlab   gitlab_ce       (no range recorded)       (none listed)
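Added example (not code from this page, from GitLab or from the CVE record): a Python check that maps a GitLab version string onto the three upstream ranges in the table above, as you would run it against a fleet inventory. The range boundaries are the page's; the version parser, the handling of "-ee" and "+ds1" suffixes, and the sample inventory are assumptions made for illustration.

```python
# Added example, not from the CVE record or from GitLab: decide whether a
# GitLab CE/EE version string falls inside one of the affected ranges
# listed on this page. Parser and sample inventory are assumptions.
from typing import Optional, Tuple

# (lower bound inclusive, upper bound exclusive, fixed-in) from the Affected table
AFFECTED_RANGES = [
    ("15.4.0", "15.5.7", "15.5.7"),
    ("15.6.0", "15.6.4", "15.6.4"),
    ("15.7.0", "15.7.2", "15.7.2"),
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '15.6.3' or '15.6.3-ee' into a comparable tuple (15, 6, 3).

    GitLab reports versions like '15.6.3-ee' from /api/v4/version; the edition
    suffix does not affect the numeric comparison. Debian-style strings such
    as '15.10.8+ds1-2' are reduced to the upstream part before the '+'.
    """
    core = v.split("+", 1)[0].split("-", 1)[0]
    nums = []
    for part in core.split("."):
        if not part.isdigit():
            raise ValueError(f"unparseable version component {part!r} in {v!r}")
        nums.append(int(part))
    # pad to three components so '15.6' compares like '15.6.0'
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def affected_fix(version: str) -> Optional[str]:
    """Return the 'fixed in' release if `version` is vulnerable, else None."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED_RANGES:
        if parse_version(low) <= v < parse_version(high):
            return fixed
    return None


if __name__ == "__main__":
    # constructed inventory; in practice read GET /api/v4/version from each host
    inventory = {
        "git.example.internal": "15.6.3-ee",
        "ci.example.internal": "15.7.2-ee",
    }
    for host, ver in inventory.items():
        fix = affected_fix(ver)
        verdict = f"upgrade to {fix}" if fix else "not in an affected range"
        print(f"{host}: {ver} -> {verdict}")
```

Note that the check treats 15.5.0 through 15.5.6 as affected (they lie inside "from 15.4 before 15.5.7"), and 15.8 and later as outside every range, which matches the description's wording.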

Detection & IOCs (extracted from sources)

  • The attack vector is the wiki changes page, reached through improperly filtered query parameters. Monitor HTTP requests to the GitLab wiki changes endpoints for query parameters carrying unexpected or unsanitized markup; that is the XSS delivery mechanism.
  • Exploitation requires a self-hosted GitLab instance running WITHOUT a strict Content Security Policy (CSP). A strictly enforced CSP blocks the injected script and so mitigates this vector.
  • Affected versions: GitLab CE/EE >= 15.4 and < 15.5.7, >= 15.6 and < 15.6.4, >= 15.7 and < 15.7.2. Debian sid resolved the issue in version 15.10.8+ds1-2.
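Added example (not from this page's sources or from GitLab): a detection pass in Python over constructed access-log lines that flags requests to wiki diff/history pages whose query parameters contain HTML or script markers, the pattern the first bullet above describes. The wiki route regex, the combined log format and the parameter names in the sample lines are assumptions; the CVE text says only "wiki changes page" and does not name the vulnerable parameter, so the detector looks at every parameter on those routes.

```python
# Added example, not from the CVE record or from GitLab: scan access-log lines
# for requests to wiki diff/history pages whose query string carries markup an
# XSS payload would need. Route pattern, log format and sample lines are
# assumptions made for illustration.
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# GitLab wiki history/diff routes are assumed to live under
# /<namespace>/<project>/-/wikis/<page>/(diff|history); adjust to your version.
WIKI_CHANGES_PATH = re.compile(r"^/[^?\s]+/-/wikis/[^?\s]+/(diff|history)$")

# Markers that should never appear in a legitimate wiki diff/history query.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-z]|javascript\s*:|\bon[a-z]+\s*=|data\s*:\s*text/html",
    re.IGNORECASE,
)

# Combined/NCSA-style line: client ident user [time] "METHOD url HTTP/x" status size
ACCESS_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def suspicious_params(url: str) -> dict:
    """Return the decoded query parameters that contain XSS-like markup for a
    request to a wiki diff/history page; an empty dict for anything else."""
    parts = urlsplit(url)
    if not WIKI_CHANGES_PATH.match(parts.path):
        return {}
    hits = {}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode twice more because payloads are often
        # double-encoded to slip past naive filters
        decoded = unquote(unquote(value))
        if SUSPICIOUS.search(decoded) or SUSPICIOUS.search(unquote(key)):
            hits[key] = decoded
    return hits


def scan(lines):
    """Yield (client, timestamp, url, hits) for each line that looks like an
    XSS attempt against a wiki changes page."""
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m["url"])
        if hits:
            yield m["client"], m["ts"], m["url"], hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jan/2023:10:01:02 +0000] "GET /grp/proj/-/wikis/home/diff?version_id=abc123 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Jan/2023:10:01:09 +0000] "GET /grp/proj/-/wikis/home/diff?version_id=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 5120',
    '198.51.100.4 - - [12/Jan/2023:10:02:00 +0000] "GET /grp/proj/-/wikis/home/history?page=%253Cscript%253E HTTP/1.1" 200 2048',
    '198.51.100.4 - - [12/Jan/2023:10:02:30 +0000] "GET /grp/proj/-/issues?search=%3Cscript%3E HTTP/1.1" 200 2048',
]


def findings():
    """All hits in the constructed sample; two of the four lines should match."""
    return list(scan(SAMPLE_LOG))


if __name__ == "__main__":
    for client, ts, url, hits in findings():
        print(f"{ts} {client} {url} -> {hits}")
```

The fourth sample line carries the same payload against the issues search page and is deliberately not flagged: the rule is scoped to the wiki changes routes the CVE names, so it stays quiet on unrelated reflected-input noise. Widen the route regex if your instance serves wikis under a different path.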

CVSS provenance

nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv5.4MEDIUM
vulncheck5.4MEDIUM
vendor_debian5.4MEDIUM