Vulnerability Description
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 14.5.0, < 14.10.5 |
Related Weaknesses (CWE)
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2235.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/360540Broken Link
- https://hackerone.com/reports/1542510Permissions RequiredThird Party Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2235.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/360540Broken Link
- https://hackerone.com/reports/1542510Permissions RequiredThird Party Advisory
FAQ
What is CVE-2022-2235?
CVE-2022-2235 is a vulnerability with a CVSS score of 8.7 (HIGH). Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-si...
How severe is CVE-2022-2235?
CVE-2022-2235 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2235?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.