CVE-2022-2250

Sažetak

An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.

Reference

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2250.json
https://hackerone.com/reports/1506126
https://gitlab.com/gitlab-org/gitlab/-/issues/355509

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

13-07-2022 - 18:25

Objavljeno

01-07-2022 - 16:15