Lucene search
GitLabCVELIST:CVE-2022-0427HistoryMar 28, 2022 - 6:53 p.m.
CVE-2022-0427
2022-03-2818:53:05
GitLab
www.cve.org
2
html attribute sanitization
jupyter notebooks
gitlab ce
gitlab ee
http post requests
account takeover
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
8.7
Confidence
High
EPSS
0.002
Percentile
52.5%
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user’s behalf leading to potential account takeover
CNA Affected
[
{
"product": "GitLab",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": ">=14.5, <14.5.4"
},
{
"status": "affected",
"version": ">=14.6, <14.6.4"
},
{
"status": "affected",
"version": ">=14.7, <14.7.1"
}
]
}
]Related
osv
osv
BIT-gitlab-2022-0427
2024-03-06 11:16:47
CVE-2022-0427
2022-03-28 19:15:08
nvd
nvd
CVE-2022-0427
2022-03-28 19:15:08
veracode
veracode
Improper Privilege Management
2023-07-22 10:17:30
ubuntucve
ubuntucve
CVE-2022-0427
2022-03-28 00:00:00
debiancve
debiancve
CVE-2022-0427
2022-03-28 19:15:08
cve
cve
CVE-2022-0427
2022-03-28 19:15:08
nessus
nessus
GitLab 14.5 < 14.5.4 / 14.6 < 14.6.4 / 14.7 < 14.7.1 (CVE-2022-0427)
2024-01-03 00:00:00
prion
prion
Authentication flaw
2022-03-28 19:15:00
openvas
openvas
freebsd
freebsd
Gitlab -- multiple vulnerabilities
2022-02-03 00:00:00
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
8.7
Confidence
High
EPSS
0.002
Percentile
52.5%
Related for CVELIST:CVE-2022-0427