CVE-2022-3381

Published: Mar 9, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 10.0.0 to 15.7.8
Gitlab Gitlab	From 15.8.0 to 15.8.4
Gitlab Gitlab	From 15.9.0 to 15.9.2
Gitlab Gitlab	From 10.0.0 to 15.7.8
Gitlab Gitlab	From 15.8.0 to 15.8.4
Gitlab Gitlab	From 15.9.0 to 15.9.2

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3381.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/376046

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/1711497

Source: cve@gitlab.com

Permissions Required

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3381.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/376046

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://hackerone.com/reports/1711497

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.