CVE-2022-1433

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-1433

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1433.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-1433

Aliases

BIT-gitlab-2022-1433

Published

2022-05-11T15:15:09Z

Modified

2024-11-21T06:40:43Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

19c719febd74b6edf549bf6a2c0e36bf8f176d56

Fixed

bba387c3128c9725b46e3b9dee0ac3809ca89c40