CVE-2022-3573
Summary
| CVE | CVE-2022-3573 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-12 04:15:00 UTC |
| Updated | 2023-03-22 16:19:00 UTC |
| Description | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Abb | Drive Composer | All | All | All | All |
| Application | Abb | Drive Composer | All | All | All | All |
| Application | Gitlab | Gitlab | All | All | All | All |
| Application | Gitlab | Gitlab | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Not Found | MISC | gitlab.com | |
| HackerOne | MISC | hackerone.com | |
| 2022/CVE-2022-3573.json · master · GitLab.org / cves · GitLab | CONFIRM | gitlab.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Thanks [ryotak](https://hackerone.com/ryotak) for reporting this vulnerability through our HackerOne bug bounty program
Legacy QID Mappings
- 691022 Free Berkeley Software Distribution (FreeBSD) Security Update for gitlab (3a023570-91ab-11ed-8950-001b217b3468)