CVE-2022-1416: XSS
First published: Thu May 19 2022(Updated: )
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=1.0.2<14.8.6 | |
| GitLab | >=1.0.2<14.8.6 | |
| GitLab | >=14.9.0<14.9.4 | |
| GitLab | >=14.9.0<14.9.4 | |
| GitLab | =14.10.0 | |
| GitLab | =14.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-1416?
CVE-2022-1416 is classified as a medium severity vulnerability due to the potential for rendering attacker-controlled HTML and CSS.
How do I fix CVE-2022-1416?
To resolve CVE-2022-1416, update GitLab to version 14.8.6 or later, 14.9.4 or later, or 14.10.1 or later.
What versions of GitLab are affected by CVE-2022-1416?
CVE-2022-1416 affects GitLab versions from 1.0.2 before 14.8.6, from 14.9.0 before 14.9.4, and exactly 14.10.0.
What kind of attack vector does CVE-2022-1416 expose?
CVE-2022-1416 exposes an attack vector where an attacker could inject HTML and CSS into Pipeline error messages.
Is CVE-2022-1416 a remote or local vulnerability?
CVE-2022-1416 is primarily a remote vulnerability as it allows external attackers to manipulate error messages in GitLab.
- agent/type
- agent/references
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/1.0.2
- version/gitlab/14.9.0
- version/gitlab/14.10.0