Lucene search

Veracode Vulnerability DatabaseVERACODE:42364

HistoryAug 06, 2023 - 7:35 p.m.

Cross-Site Scripting (XSS)

2023-08-0619:35:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gitlab

vulnerability

cross-site scripting

attacks

access token

integration

unauthorized actions

software

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

29.8%

JSON

gitlab is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker could gain access to an integration’s access token, which could then be used to impersonate the integration and perform unauthorized actions.

CPENameOperatorVersion
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1

Name	Operator	Version
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2497.json

gitlab.com/gitlab-org/gitlab/-/issues/362671

hackerone.com/reports/1557992

security-tracker.debian.org/tracker/CVE-2022-2497

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

29.8%

JSON

Related for VERACODE:42364