CVE-2022-3486

Published: Nov 9, 2022Modified: May 1, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 15.4.0 to 15.4.4
Gitlab Gitlab	From 15.5.0 to 15.5.2
Gitlab Gitlab	From 9.4.0 to 15.3.5
Gitlab Gitlab	From 15.4.0 to 15.4.4
Gitlab Gitlab	From 15.5.0 to 15.5.2
Gitlab Gitlab	From 9.4.0 to 15.3.5

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/377810

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/1725190

Source: cve@gitlab.com

Permissions RequiredThird Party Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/377810

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://hackerone.com/reports/1725190

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.