Vulnerability CVE-2022-1190 - CERT Civis.Net

Vulnerability Name:

CVE-2022-1190 (CCN-223267)

Assigned:

2022-03-31

Published:

2022-03-31

Updated:

2022-04-11

Summary:

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.

CVSS v3 Severity:

5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

8.7 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
7.6 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

CVSS v2 Severity:

3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

8.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Cross-Site Scripting

References:

Source: MITRE
Type: CNA
CVE-2022-1190

Source: CCN
Type: GitLab Web site
GitLab Critical Security Release: 14.9.2, 14.8.5, and 14.7.7

Source: XF
Type: UNKNOWN
gitlab-cve20221190-xss(223267)

Source: CONFIRM
Type: Vendor Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1190.json

Source: MISC
Type: Broken Link
https://gitlab.com/gitlab-org/gitlab/-/issues/352392

Source: MISC
Type: Permissions Required, Third Party Advisory
https://hackerone.com/reports/1455036

Vulnerable Configuration:

Configuration 1:

cpe:/a:gitlab:gitlab:*:*:*:*:community:*:*:* (Version >= 8.3.0 and < 14.7.7)

OR cpe:/a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (Version >= 8.3.0 and < 14.7.7)

OR cpe:/a:gitlab:gitlab:*:*:*:*:community:*:*:* (Version >= 14.8.0 and < 14.8.5)

OR cpe:/a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (Version >= 14.8.0 and < 14.8.5)

OR cpe:/a:gitlab:gitlab:*:*:*:*:community:*:*:* (Version >= 14.9.0 and < 14.9.2)

OR cpe:/a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (Version >= 14.9.0 and < 14.9.2)

Configuration CCN 1:

cpe:/a:gitlab:gitlab:9.4.3::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:9.3.9::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:9.2.9::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:9.1.9::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:9.0.12::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:8.17.7::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.1.6:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:10.1.5::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.2.5::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.3.3::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:9.5.10::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:9.5.10::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.7.1::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.6.4:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:10.5.7:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:10.7.1::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.6.4:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:10.5.7:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:10.7.5::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.7.5::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.8.4::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.8.4::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:11.0.0::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:11.0.0::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:11.7:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:11.4.13:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:11.5.6:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:11.6.3:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:11.4.13:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:11.5.6:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:11.6.3:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:12.1.1:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:11.11.5:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:11.11.5:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:12.1.1:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:12.0.3:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:12.0.3:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:11.11.7:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:11.11.7:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:12.0.4:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:12.0.4:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:12.1.2:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:12.1.2:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:12.9.2:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:12.9.2:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:13.0.1:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:13.0.1:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:12.6.6:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:12.6.6:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:13.10.3:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:9.5:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:14.8:*:*:*:enterprise:*:*:*

Denotes that component is vulnerable