CVE-2022-0124
First published: Tue Jan 18 2022(Updated: )
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack.
Credit: cve@gitlab.com cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | <14.4.5 | |
| GitLab | <14.4.5 | |
| GitLab | >=14.5.0<14.5.3 | |
| GitLab | >=14.5.0<14.5.3 | |
| GitLab | >=14.6.0<14.6.1 | |
| GitLab | >=14.6.0<14.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-0124?
CVE-2022-0124 has been classified as a medium severity vulnerability affecting specific versions of GitLab.
How do I fix CVE-2022-0124?
To mitigate CVE-2022-0124, upgrade GitLab to version 14.4.5 or later, or any version from 14.5.4 or 14.6.2 onwards.
What versions of GitLab are affected by CVE-2022-0124?
CVE-2022-0124 affects GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
What kind of issue does CVE-2022-0124 represent?
CVE-2022-0124 involves improper input validation in GitLab's Slack integration that could lead to malicious URLs being crafted.
Is it safe to use GitLab versions affected by CVE-2022-0124?
Using affected GitLab versions poses a security risk and it is advised to upgrade to a patched version as soon as possible.
- agent/author
- agent/type
- agent/references
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/gitlab
- canonical/gitlab
- version/gitlab/14.5.0
- version/gitlab/14.6.0