First published: Mon Jun 06 2022
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=13.11.0 <14.9.5 | |
GitLab GitLab | >=14.10.0 <14.10.4 | |
GitLab GitLab | =15.0.0 | |
CVE-2022-1940 is a Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1.
CVE-2022-1940 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues.
CVE-2022-1940 has a severity rating of high.
To fix CVE-2022-1940, update GitLab to version 14.9.5, 14.10.4, or 15.0.1, or to a later release.
You can find more information about CVE-2022-1940 on the GitLab CVE page: https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1940.json