CVE-2022-1940

2022-06-0616:52:22

GitLab

www.cve.org

stored cross-site scripting

jira integration

gitlab ee

versions 13.11 to 14.9.5

versions 14.10 to 14.10.4

versions 15.0 to 15.0.1

arbitrary javascript code

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

28.6%

JSON

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim’s behalf via specially crafted Jira Issues

CNA Affected

[
  {
    "product": "GitLab",
    "vendor": "GitLab",
    "versions": [
      {
        "status": "affected",
        "version": ">=13.11, <14.9.5"
      },
      {
        "status": "affected",
        "version": ">=14.10, <14.10.4"
      },
      {
        "status": "affected",
        "version": ">=15.0, <15.0.1"
      }
    ]
  }
]