Vulnerability Details CVE-2022-4007
A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.0%
CVSS Severity
CVSS v3 Score 5.4
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4007.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/382789
- https://hackerone.com/reports/1767745
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4007.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/382789
- https://hackerone.com/reports/1767745
Products affected by CVE-2022-4007
-
cpe:2.3:a:gitlab:gitlab:15.3
-
cpe:2.3:a:gitlab:gitlab:15.3.0
-
cpe:2.3:a:gitlab:gitlab:15.3.1
-
cpe:2.3:a:gitlab:gitlab:15.3.2
-
cpe:2.3:a:gitlab:gitlab:15.3.4
-
cpe:2.3:a:gitlab:gitlab:15.3.5
-
cpe:2.3:a:gitlab:gitlab:15.4
-
cpe:2.3:a:gitlab:gitlab:15.4.0
-
cpe:2.3:a:gitlab:gitlab:15.4.4
-
cpe:2.3:a:gitlab:gitlab:15.4.6
-
cpe:2.3:a:gitlab:gitlab:15.5.0
-
cpe:2.3:a:gitlab:gitlab:15.5.2
-
cpe:2.3:a:gitlab:gitlab:15.5.3
-
cpe:2.3:a:gitlab:gitlab:15.5.5
-
cpe:2.3:a:gitlab:gitlab:15.5.6
-
cpe:2.3:a:gitlab:gitlab:15.5.7
-
cpe:2.3:a:gitlab:gitlab:15.6.0
-
cpe:2.3:a:gitlab:gitlab:15.6.1
-
cpe:2.3:a:gitlab:gitlab:15.6.2
-
cpe:2.3:a:gitlab:gitlab:15.6.3
-
cpe:2.3:a:gitlab:gitlab:15.6.4
-
cpe:2.3:a:gitlab:gitlab:15.7.0
-
cpe:2.3:a:gitlab:gitlab:15.7.1
-
cpe:2.3:a:gitlab:gitlab:15.7.2
-
cpe:2.3:a:gitlab:gitlab:15.7.7
-
cpe:2.3:a:gitlab:gitlab:15.8.0
-
cpe:2.3:a:gitlab:gitlab:15.8.1
-
cpe:2.3:a:gitlab:gitlab:15.8.2
-
cpe:2.3:a:gitlab:gitlab:15.8.3
-
cpe:2.3:a:gitlab:gitlab:15.9.0
-
cpe:2.3:a:gitlab:gitlab:15.9.1