CVE-2022-2230

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-2230
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2230.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-2230
Aliases
Downstream
Published
2022-07-01T15:55:13Z
Modified
2025-12-04T11:38:45.497252Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf.

Database specific 
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2230.json"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
19c719febd74b6edf549bf6a2c0e36bf8f176d56
Fixed
af6735ad95ff7a4578c8548d37ce9e8247385d5e
Database specific 
{
    "versions": [
        {
            "introduced": "14.4"
        },
        {
            "fixed": "14.10.5"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
3b397c1753233301037d0ca3caae23ce116505d3
Fixed
81f47cb467e3387cea11b909ea6b977e28b3b4d2
Database specific 
{
    "versions": [
        {
            "introduced": "15.0"
        },
        {
            "fixed": "15.0.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
31c24d2d8643ee22211ef544a4538c4420e96dc9
Fixed
61c8658b23e2cc1116acb740418d99c6d227e13f
Database specific 
{
    "versions": [
        {
            "introduced": "15.1"
        },
        {
            "fixed": "15.1.1"
        }
    ]
}

Affected versions

v15.*

v15.0.0-ee
v15.0.1-ee
v15.0.2-ee
v15.0.3-ee
v15.1.0-ee