First published: Wed Mar 08 2023(Updated: )
A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=15.3<15.7.8 | |
GitLab GitLab | >=15.3<15.7.8 | |
GitLab GitLab | >=15.8.0<15.8.4 | |
GitLab GitLab | >=15.8.0<15.8.4 | |
GitLab GitLab | >=15.9.0<15.9.2 | |
GitLab GitLab | >=15.9.0<15.9.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-4007 is a cross-site scripting vulnerability in GitLab CE/EE versions prior to 15.7.8, 15.8.4, and 15.9.2 that allows attackers to perform arbitrary actions on behalf of users.
All versions of GitLab CE/EE from 15.3 to 15.7.8, 15.8.0 to 15.8.4, and 15.9.0 to 15.9.2 are affected by CVE-2022-4007.
CVE-2022-4007 has a severity level of 6.1 (medium).
To fix the CVE-2022-4007 vulnerability, update GitLab CE/EE to version 15.7.8, 15.8.4, or 15.9.2 or later.
You can find more information about CVE-2022-4007 on the GitLab CE/EE official website, specific GitLab issues, and the HackerOne report linked in the references.