1. Home
  2. CVE Database
  3. CVE-2022-1940
HIGH · 7.7

CVE-2022-1940

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to e...

Vulnerability Description

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues

CVSS Score

7.7

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
GitlabGitlab>= 13.11.0, < 14.9.5

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2022-1940?

CVE-2022-1940 is a vulnerability with a CVSS score of 7.7 (HIGH). A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to e...

How severe is CVE-2022-1940?

CVE-2022-1940 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-1940?

Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.