CVE-2022-3280

Published: Nov 9, 2022Modified: May 1, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 10.1.0 to 15.3.5
Gitlab Gitlab	From 15.4.0 to 15.4.4
Gitlab Gitlab	From 15.5.0 to 15.5.2
Gitlab Gitlab	From 10.1.0 to 15.3.5
Gitlab Gitlab	From 15.4.0 to 15.4.4
Gitlab Gitlab	From 15.5.0 to 15.5.2

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3280.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/352611

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/1475686

Source: cve@gitlab.com

Permissions RequiredThird Party Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3280.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/352611

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://hackerone.com/reports/1475686

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.