CVE-2022-1948

Опубликовано: 28 июл. 2022

Источник: nvd

CVSS3: 8.7

CVSS3: 5.4

EPSS Средний

Описание

An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1948.json
Vendor Advisory
https://gitlab.com/gitlab-org/security/gitlab/-/issues/673
Permissions Required
https://hackerone.com/reports/1578400
Permissions Required
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1948.json
Vendor Advisory
https://gitlab.com/gitlab-org/security/gitlab/-/issues/673
Permissions Required
https://hackerone.com/reports/1578400
Permissions Required

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:15.0.0:*:*:*:community:*:*:*

cpe:2.3:a:gitlab:gitlab:15.0.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 95%

0.20077

Средний

8.7 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-1948

CVSS3: 8.7

ubuntu

больше 3 лет назад

CVE-2022-1948

CVSS3: 8.7

debian

больше 3 лет назад

An issue has been discovered in GitLab affecting all versions starting ...

GHSA-6cqm-3f66-qr6j

CVSS3: 5.4

github

больше 3 лет назад

EPSS

Процентиль: 95%

0.20077

Средний

8.7 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79