← volver
CVE-2022-3513

CVE-2022-3513

CVSS 6.1 MEDIUMEPSS 0.7%CWE-79
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
GitLab · GitLab

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3513.jsonhttps://gitlab.com/gitlab-org/gitlab/-/issues/377970https://hackerone.com/reports/1728015