CVE-2022-0124

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 06:37

Type Values Removed Values Added
References () https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0124.json - Third Party Advisory () https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0124.json - Third Party Advisory
References () https://gitlab.com/gitlab-org/gitlab/-/issues/340176 - Broken Link () https://gitlab.com/gitlab-org/gitlab/-/issues/340176 - Broken Link
References () https://hackerone.com/reports/1310778 - Permissions Required () https://hackerone.com/reports/1310778 - Permissions Required

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-20 CWE-116

Information

Published : 2022-01-18 17:15

Updated : 2024-11-21 06:37


NVD link : CVE-2022-0124

Mitre link : CVE-2022-0124

CVE.ORG link : CVE-2022-0124


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-116

Improper Encoding or Escaping of Output