Vulnerability CVE-2022-2500 - CERT Civis.Net

Vulnerability Name:

CVE-2022-2500 (CCN-232965)

Assigned:

2022-08-03

Published:

2022-08-03

Updated:

2022-08-11

Summary:

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side.

CVSS v3 Severity:

5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

4.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N)
4.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

3.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Cross-Site Scripting

References:

Source: MITRE
Type: CNA
CVE-2022-2500

Source: XF
Type: UNKNOWN
gitlab-cve20222500-xss(232965)

Source: CCN
Type: GitLab Web site
CVE-2022-2500

Source: CONFIRM
Type: Vendor Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2500.json

Source: MISC
Type: Broken Link, Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/363725

Source: MISC
Type: Permissions Required, Third Party Advisory
https://hackerone.com/reports/1579645

Vulnerable Configuration:

Configuration 1:

cpe:/a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (Version < 15.0.5)

OR cpe:/a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (Version >= 15.1.0 and < 15.1.4)

OR cpe:/a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:*

Configuration 2:

cpe:/a:gitlab:gitlab:*:*:*:*:community:*:*:* (Version < 15.0.5)

OR cpe:/a:gitlab:gitlab:*:*:*:*:community:*:*:* (Version >= 15.1.0 and < 15.1.4)

OR cpe:/a:gitlab:gitlab:15.2:*:*:*:community:*:*:*

Configuration CCN 1:

cpe:/a:gitlab:gitlab:6.2.3:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:6.2.0:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:6.6.0:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:6.6.1:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:9.4.3::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:9.3.9::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:9.2.9::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:9.1.9::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:9.0.12::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:8.17.7::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.1.6:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:10.1.5::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.1.5::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.2.5::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.2.5::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.3.3::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.3.3::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:9.5.10::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:9.5.10::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.7.1::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.6.4:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:10.5.7:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:10.7.1::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.6.4:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:10.5.7:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:10.7.5::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.7.5::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.8.4::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:10.8.4::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:11.0.0::~~community~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:11.0.0::~~enterprise~~~:*:*:*:*:*

OR cpe:/a:gitlab:gitlab:11.7:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:11.4.13:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:11.5.6:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:11.6.3:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:11.4.13:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:11.5.6:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:11.6.3:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:12.1.1:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:11.11.5:*:*:*:community:*:*:*

OR cpe:/a:gitlab:gitlab:11.11.5:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:12.1.1:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:12.0.3:*:*:*:enterprise:*:*:*

OR cpe:/a:gitlab:gitlab:12.0.3:*:*:*:community:*:*:*

Denotes that component is vulnerable