Lucene search

Veracode Vulnerability DatabaseVERACODE:41549

HistoryJul 23, 2023 - 6:48 p.m.

Cross-site Scripting (XSS)

2023-07-2318:48:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gitlab

xss

vulnerability

jira connect integration

malicious attacker

javascript

browser security

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

46.7%

JSON

gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability exploits the jira connect intergration allowing a malicious attacker to inject and execute malicious javascript on victim’s browser…

CPENameOperatorVersion
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1

Name	Operator	Version
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3572.json

gitlab.com/gitlab-org/gitlab/-/issues/378214

hackerone.com/reports/1727985

security-tracker.debian.org/tracker/CVE-2022-3572

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

46.7%

JSON

Related for VERACODE:41549