CVE-2022-4092

Опубликовано: 26 янв. 2023

Источник: nvd

CVSS3: 5.7

CVSS3: 8

EPSS Низкий

Описание

An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4092.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/383208
Exploit
Issue Tracking
Vendor Advisory
https://hackerone.com/reports/1777934
Permissions Required
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4092.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/383208
Exploit
Issue Tracking
Vendor Advisory
https://hackerone.com/reports/1777934
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:15.6.0:*:*:*:community:*:*:*

cpe:2.3:a:gitlab:gitlab:15.6.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 90%

0.05051

Низкий

5.7 Medium

CVSS3

8 High

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-4092

CVSS3: 5.7

ubuntu

около 3 лет назад

CVE-2022-4092

CVSS3: 5.7

debian

около 3 лет назад

An issue has been discovered in GitLab EE affecting all versions start ...

GHSA-cxjq-5xjf-cmp7

CVSS3: 8

github

около 3 лет назад

EPSS

Процентиль: 90%

0.05051

Низкий

5.7 Medium

CVSS3

8 High

CVSS3

Дефекты

CWE-79