{"api_version":"1","generated_at":"2026-04-23T13:26:40+00:00","cve":"CVE-2022-3486","urls":{"html":"https://cve.report/CVE-2022-3486","api":"https://cve.report/api/cve/CVE-2022-3486.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-3486","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-3486"},"summary":{"title":"CVE-2022-3486","description":"An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL.","state":"PUBLIC","assigner":"cve@gitlab.com","published_at":"2022-11-09 23:15:00","updated_at":"2022-11-11 01:55:00"},"problem_types":["CWE-601"],"metrics":[],"references":[{"url":"https://hackerone.com/reports/1725190","name":"https://hackerone.com/reports/1725190","refsource":"MISC","tags":[],"title":"HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.json","name":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.json","refsource":"CONFIRM","tags":[],"title":"2022/CVE-2022-3486.json · master · GitLab.org / cves · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377810","name":"https://gitlab.com/gitlab-org/gitlab/-/issues/377810","refsource":"MISC","tags":[],"title":"Not Found","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-3486","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3486","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Thanks [ryotak](https://hackerone.com/ryotak) for reporting this vulnerability through our HackerOne bug bounty program","lang":""}],"nvd_cpes":[{"cve_year":"2022","cve_id":"3486","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gitlab","cpe5":"gitlab","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"community","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3486","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gitlab","cpe5":"gitlab","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-3486","qid":"690975","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for gitlab (16f7ec68-5cce-11ed-9be7-454b1dd82c64)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-3486","ASSIGNER":"cve@gitlab.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"GitLab","product":{"product_data":[{"product_name":"GitLab","version":{"version_data":[{"version_value":">=9.4, <15.3.5"},{"version_value":">=15.4, <15.4.4"},{"version_value":">=15.5, <15.5.2"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Url redirection to untrusted site ('open redirect') in GitLab"}]}]},"references":{"reference_data":[{"name":"https://gitlab.com/gitlab-org/gitlab/-/issues/377810","url":"https://gitlab.com/gitlab-org/gitlab/-/issues/377810","refsource":"MISC"},{"name":"https://hackerone.com/reports/1725190","url":"https://hackerone.com/reports/1725190","refsource":"MISC"},{"name":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.json","url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.json","refsource":"CONFIRM"}]},"description":{"description_data":[{"lang":"eng","value":"An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL."}]},"impact":{"cvss":{"vectorString":"AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","version":"3.1","baseScore":4.6,"baseSeverity":"MEDIUM"}},"credit":[{"lang":"eng","value":"Thanks [ryotak](https://hackerone.com/ryotak) for reporting this vulnerability through our HackerOne bug bounty program"}]},"nvd":{"publishedDate":"2022-11-09 23:15:00","lastModifiedDate":"2022-11-11 01:55:00","problem_types":["CWE-601"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"15.4.0","versionEndExcluding":"15.4.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"15.5.0","versionEndExcluding":"15.5.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"15.5.0","versionEndExcluding":"15.5.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"15.4.0","versionEndExcluding":"15.4.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.4.0","versionEndExcluding":"15.3.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"9.4.0","versionEndExcluding":"15.3.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}