CVE-2022-1940

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-1940
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1940.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1940
Aliases
Published
2022-06-06T16:52:22Z
Modified
2025-12-04T11:37:26.529920Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues

Database specific 
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1940.json"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
47f41a4a74f364c731aafd34a93bddb630f62230
Fixed
661f7e4160fd380b54f36039b0e7f585b4cdb647
Database specific 
{
    "versions": [
        {
            "introduced": "13.11"
        },
        {
            "fixed": "14.9.5"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
ad109bc62af12e7a4e8da0a93255cf7d795705a0
Fixed
94a44086fe6f7c511db20bc89b779e3e46bf6b55
Database specific 
{
    "versions": [
        {
            "introduced": "14.10"
        },
        {
            "fixed": "14.10.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
3b397c1753233301037d0ca3caae23ce116505d3
Fixed
d69f38d4a95eb664a8987247b61d8d1130c9f94a
Database specific 
{
    "versions": [
        {
            "introduced": "15.0"
        },
        {
            "fixed": "15.0.1"
        }
    ]
}

Affected versions

v14.*

v14.10.0-ee
v14.10.1-ee
v14.10.2-ee
v14.10.3-ee

v15.*

v15.0.0-ee