An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0124.json | Third Party Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/340176 | Broken Link |
https://hackerone.com/reports/1310778 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-116 |
Information
Published : 2022-01-18 17:15
Updated : 2024-02-28 18:48
NVD link : CVE-2022-0124
Mitre link : CVE-2022-0124
CVE.ORG link : CVE-2022-0124
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-116
Improper Encoding or Escaping of Output