CVE-2022-2428

CVSS v2.0

6.6

Medium

Vector

AV:N/AC:H/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions GitLab versions prior to 15.1.6 GitLab versions 15.2 through 15.2.4 GitLab versions 15.3 through 15.3.2

Description The issue is related to insufficient input validation in the ipynb Notebook component of GitLab, a platform for collaborative code work based on git. This can allow a remote attacker to send arbitrary HTTP requests by exploiting a crafted tag in the Jupyter Notebook viewer.

Recommendations For versions prior to 15.1.6, update to version 15.1.6 or later. For versions 15.2 through 15.2.4, update to version 15.2.5 or later. For versions 15.3 through 15.3.2, update to version 15.3.3 or later.

Exploit

Fix

XSS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-20

Related Identifiers

BDU:2022-05493

BIT-GITLAB-2022-2428

CVE-2022-2428

Affected Products

Gitlab

CVE-2022-2428

Weakness Enumeration

Related Identifiers

Affected Products

References · 14