CVE-2022-1940
HIGH 7.7
Description
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues.
CVE Details
CVSS v3.1 Score: 7.7
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Attack Vector: NETWORK
Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Published: 6/6/2022
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
gitlab:gitlab
Weaknesses (CWE)
CWE-79
References
https://gitlab.com/gitlab-org/gitlab/-/issues/359142 (cve@gitlab.com)
https://hackerone.com/reports/1533976 (cve@gitlab.com)
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1940.json (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/359142 (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1533976 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.