CVE-2022-0427

Summary

Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=14.5, <14.5.4affected
GitLabGitLab>=14.6, <14.6.4affected
GitLabGitLab>=14.7, <14.7.1affected

Weaknesses

  • Cross-site request forgery (csrf) in GitLab

ADP Enrichment

CVE Program Container

Additional References

References