CVE-2022-3572

Опубликовано: 26 янв. 2023

Источник: nvd

CVSS3: 9.3

CVSS3: 6.1

EPSS Средний

Описание

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims.

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3572.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/378214
Exploit
Vendor Advisory
https://hackerone.com/reports/1727985
Permissions Required
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3572.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/378214
Exploit
Vendor Advisory
https://hackerone.com/reports/1727985
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 13.5.0 (включая) до 15.4.6 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 13.5.0 (включая) до 15.4.6 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 15.5.0 (включая) до 15.5.5 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 15.5.0 (включая) до 15.5.5 (исключая)

cpe:2.3:a:gitlab:gitlab:15.6.0:*:*:*:community:*:*:*

cpe:2.3:a:gitlab:gitlab:15.6.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 93%

0.11253

Средний

9.3 Critical

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-3572

CVSS3: 9.3

ubuntu

около 3 лет назад

CVE-2022-3572

CVSS3: 9.3

debian

около 3 лет назад

A cross-site scripting issue has been discovered in GitLab CE/EE affec ...

GHSA-6gf9-9hhg-h494

CVSS3: 6.1

github

около 3 лет назад

EPSS

Процентиль: 93%

0.11253

Средний

9.3 Critical

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79