CVE-2022-4007 MEDIUM

CVE-2022-4007

Vendor Gitlab

Product GitLab

Published March 8, 2023

Last update March 12, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.

Key dates

02Disclosure timeline

March 8, 2023 CVE published

March 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-4007

Identifiers

CVE CVE-2022-4007

CVSS 5.4 / MEDIUM

Affected versions

Vendor Gitlab

Product GitLab

Affected >=15.3, <15.7.8

Vendor Gitlab

Product GitLab

Affected >=15.8, <15.8.4

Vendor Gitlab

Product GitLab

Affected >=15.9, <15.9.2