CVE-2022-2428

2022-10-1700:00:00

GitLab

www.cve.org

jupyter notebook

gitlab ee/ce

arbitrary http requests

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.2%

JSON

A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests

CNA Affected

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "versions": [
      {
        "version": ">=15.0, <15.1.6",
        "status": "affected"
      },
      {
        "version": ">=15.2, <15.2.4",
        "status": "affected"
      },
      {
        "version": ">=15.3, <15.3.2",
        "status": "affected"
      }
    ]
  }
]