Vulnerability Description
An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 9.4.0, < 15.3.5 |
Related Weaknesses (CWE)
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/377810Broken Link
- https://hackerone.com/reports/1725190Permissions RequiredThird Party Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/377810Broken Link
- https://hackerone.com/reports/1725190Permissions RequiredThird Party Advisory
FAQ
What is CVE-2022-3486?
CVE-2022-3486 is a vulnerability with a CVSS score of 4.7 (MEDIUM). An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary loc...
How severe is CVE-2022-3486?
CVE-2022-3486 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-3486?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.