Vulnerability Description
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 11.1.0, < 14.0.5 |
Related Weaknesses (CWE)
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2250.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/355509Broken Link
- https://hackerone.com/reports/1506126Permissions RequiredThird Party Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2250.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/355509Broken Link
- https://hackerone.com/reports/1506126Permissions RequiredThird Party Advisory
FAQ
What is CVE-2022-2250?
CVE-2022-2250 is a vulnerability with a CVSS score of 4.7 (MEDIUM). An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary l...
How severe is CVE-2022-2250?
CVE-2022-2250 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2250?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.