PT-2023-13448 · Gitlab · Gitlab Ce/Ee+1

Ryotakon · Published 2023-01-12 · Updated 2025-04-08 · CVE-2022-3573

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE 15.4 up to, but not including, 15.5.7
GitLab CE/EE 15.6 up to, but not including, 15.6.4
GitLab CE/EE 15.7 up to, but not including, 15.7.2

Description
The wiki changes page does not adequately filter its query parameters, so a crafted URL can inject JavaScript into the rendered page. A low-privileged attacker (PR:L) who gets a victim to open such a link (UI:R) can run arbitrary JavaScript in the victim's browser session on a self-hosted instance that does not enforce a strict Content Security Policy (CSP); the scope change (S:C) in the vector reflects that the script executes in the victim's context, not the attacker's.

Recommendations
Upgrade to a release that contains the fix: instances on 15.4.x or 15.5.x should move to 15.5.7 or later, instances on 15.6.x to 15.6.4 or later, and instances on 15.7.x to 15.7.2 or later. Until the upgrade is applied, enforce a strict CSP on self-hosted instances (script execution limited to same-origin, nonced or hashed scripts, with no 'unsafe-inline' in script-src) to reduce the chance that an injected script runs. CSP is a mitigation, not a fix; only the upgrade removes the vulnerability.
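The two checks an operator needs before and after applying the recommendations above, as an added example that is not code from this advisory or from GitLab: whether a running GitLab version falls inside the affected ranges listed above (the ranges are taken from the advisory; the version strings fed to it are constructed samples), and whether a Content-Security-Policy header actually restricts script execution in the way the CSP workaround relies on. The strictness criteria in script_policy_is_strict are this example's own assumptions, not GitLab's definition of a "strict" CSP.

```python
# Added example (not from the advisory page or GitLab): affected-version check for
# CVE-2022-3573 plus a CSP script-policy check. Sample inputs are constructed.
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the advisory, as [first affected, first fixed) per branch.
AFFECTED_RANGES: Tuple[Tuple[Version, Version], ...] = (
    ((15, 4, 0), (15, 5, 7)),
    ((15, 6, 0), (15, 6, 4)),
    ((15, 7, 0), (15, 7, 2)),
)


def parse_version(text: str) -> Version:
    """Parse the leading X.Y.Z of a GitLab version string such as '15.7.1-ee'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def fixed_version_for(version: str) -> Optional[str]:
    """Return the first fixed release for an affected version, or None if not affected."""
    v = parse_version(version)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive-name: [source expressions]} (lowercased)."""
    policy: Dict[str, List[str]] = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def script_policy_is_strict(header: str) -> Tuple[bool, str]:
    """Judge whether the policy would block an injected inline script.

    Criteria (assumptions of this example): a script-src, or default-src as
    fallback, must exist; 'unsafe-inline' is only acceptable when a nonce or
    hash source is also present (browsers then ignore 'unsafe-inline'); and no
    wildcard or scheme-only source may let an attacker-chosen host serve script.
    """
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return False, "no script-src or default-src directive"
    nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources
    )
    if "'unsafe-inline'" in sources and not nonce_or_hash:
        return False, "'unsafe-inline' lets injected inline script run"
    loose = {"*", "data:", "http:", "https:"}
    weak = sorted(loose.intersection(sources))
    if weak:
        return False, f"over-broad script sources: {', '.join(weak)}"
    return True, "script execution limited to explicit sources"


if __name__ == "__main__":
    # Constructed sample inputs, not data from a real instance.
    for sample in ("15.5.6-ee", "15.5.7", "15.7.1", "15.8.0"):
        print(sample, "->", fixed_version_for(sample) or "not affected")
    for hdr in (
        "default-src 'self'; script-src 'self' 'unsafe-inline'",
        "script-src 'self' 'nonce-d0f1a3' 'unsafe-inline'",
    ):
        print(hdr, "->", script_policy_is_strict(hdr))
```

The version string can be taken from GitLab's authenticated GET /api/v4/version endpoint or the admin area, and the CSP header from a plain HTTP request to the instance (curl -I). A policy that passes this check only limits where injected script can run from; it does not make the vulnerable page safe, which is why the advisory treats CSP as a temporary workaround rather than a fix.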

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-GITLAB-2022-3573
CVE-2022-3573

Affected Products

Gitlab
Gitlab Ce/Ee