CVE-2022-3381
First published: Thu Mar 09 2023(Updated: )
An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=10.0.0<15.7.8 | |
| GitLab | >=10.0.0<15.7.8 | |
| GitLab | >=15.8.0<15.8.4 | |
| GitLab | >=15.8.0<15.8.4 | |
| GitLab | >=15.9.0<15.9.2 | |
| GitLab | >=15.9.0<15.9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-3381?
CVE-2022-3381 is rated as high severity due to the potential for unauthorized redirection to arbitrary sites.
How do I fix CVE-2022-3381?
To mitigate CVE-2022-3381, upgrade GitLab to version 15.8.4 or later, or 15.9.2 or later.
What versions of GitLab are affected by CVE-2022-3381?
CVE-2022-3381 affects GitLab versions from 10.0 to 15.7.8, as well as versions 15.8 prior to 15.8.4 and versions 15.9 prior to 15.9.2.
What is the nature of the vulnerability in CVE-2022-3381?
CVE-2022-3381 allows crafted URLs to redirect users to arbitrary sites, posing a phishing risk.
Can CVE-2022-3381 be exploited without user interaction?
Exploitation of CVE-2022-3381 typically requires user interaction through a crafted link.
- agent/type
- agent/references
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/10.0.0
- version/gitlab/15.8.0
- version/gitlab/15.9.0