CVE-2022-3381

Summary

An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=10.0, <15.7.8affected
GitLabGitLab>=15.8, <15.8.4affected
GitLabGitLab>=15.9, <15.9.2affected

Weaknesses

  • Url redirection to untrusted site ('open redirect') in GitLab

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References