CVE-2022-2865

Good to know:

Date: August 17, 2022

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, and all versions starting from 15.3 before 15.3.2. A vulnerability in the label color setting feature could be exploited to produce a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims on the client side.

Language: Ruby

Severity Score

Top Fix

Upgrade Version

Upgrade to version v15.1.6, v15.2.4, v15.3.2

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE