CVE-2022-1190

Sažetak

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.

Reference

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1190.json
https://gitlab.com/gitlab-org/gitlab/-/issues/352392
https://hackerone.com/reports/1455036

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-04-2022 - 13:43

Objavljeno

04-04-2022 - 20:15