Lucene search

Ubuntu.comUB:CVE-2022-2904

HistoryNov 02, 2022 - 12:00 a.m.

CVE-2022-2904

2022-11-0200:00:00

ubuntu.com

cve-2022-2904

gitlab

cross-site scripting

external status checks

stored xss

arbitrary actions

unix

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

45.6%

JSON

A cross-site scripting issue has been discovered in GitLab CE/EE affecting
all versions starting from 15.2 before 15.2.5, all versions starting from
15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 It was
possible to exploit a vulnerability in the external status checks feature
which could lead to a stored XSS that allowed attackers to perform
arbitrary actions on behalf of victims at client side.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchgitlab< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	gitlab	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2022-2904

nvd.nist.gov/vuln/detail/CVE-2022-2904

security-tracker.debian.org/tracker/CVE-2022-2904

www.cve.org/CVERecord?id=CVE-2022-2904

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

45.6%

JSON

Related for UB:CVE-2022-2904