CVE-2022-2250

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-2250

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2250.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-2250

Aliases

BIT-gitlab-2022-2250

Downstream

UBUNTU-CVE-2022-2250

Published

2022-07-01T15:03:14Z

Modified

2025-12-04T11:38:28.628297Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2250.json",
    "cna_assigner": "GitLab"
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

7c11ed8c916a10f6d9c32635986008b48410531f

Fixed

af6735ad95ff7a4578c8548d37ce9e8247385d5e

Database specific

{
    "versions": [
        {
            "introduced": "11.1"
        },
        {
            "fixed": "14.10.5"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

3b397c1753233301037d0ca3caae23ce116505d3

Fixed

81f47cb467e3387cea11b909ea6b977e28b3b4d2

Database specific

{
    "versions": [
        {
            "introduced": "15.0"
        },
        {
            "fixed": "15.0.4"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

31c24d2d8643ee22211ef544a4538c4420e96dc9

Fixed

61c8658b23e2cc1116acb740418d99c6d227e13f

Database specific

{
    "versions": [
        {
            "introduced": "15.1"
        },
        {
            "fixed": "15.1.1"
        }
    ]
}

Affected versions

Other

11-10-0cfa69752d8-0d9531c80-ee

11-10-0cfa69752d8-74ffd66ae-ee

11-10-119f9509d50-6d7537235-ee

v11.*

v11.1.0.pre

v11.2.0.pre

v11.3.0.pre

v14.*

v14.10.0-ee

v14.10.0-rc42-ee

v14.10.1-ee

v14.10.2-ee

v14.10.3-ee

v14.10.4-ee

v15.*

v15.0.0-ee

v15.0.1-ee

v15.0.2-ee

v15.0.3-ee

v15.1.0-ee

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.2.1

v6.2.2

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.4.1

v6.4.2

v6.4.3

v6.5.0-ee

v6.5.1

v6.6.0-ee

v6.6.1

v6.6.2

v6.7.0-ee

v6.7.0.rc1-ee

v6.7.1

v6.7.2

v6.8.0-ee

v6.8.1

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

v7.4.0-ee

v7.4.1-ee

v7.4.2-ee

v7.4.3-ee

v7.4.4-ee

v8.*

v8.11.0

v8.11.0-ee

v8.11.0-rc1

v8.11.0-rc1-ee

v8.11.0-rc2

v8.11.0-rc2-ee

v8.11.0-rc3

v8.11.0-rc3-ee

v8.11.0-rc4

v8.11.0-rc4-ee

v8.11.0-rc5

v8.11.0-rc5-ee

v8.11.0-rc6

v8.11.0-rc6-ee

v8.11.0-rc7

v8.11.0-rc7-ee

v8.11.1

v8.12.0

v8.12.0-ee

v8.12.0-rc1

v8.12.0-rc1-ee

v8.12.0-rc2

v8.12.0-rc2-ee

v8.12.0-rc3

v8.12.0-rc3-ee

v8.12.0-rc4

v8.12.0-rc4-ee

v8.12.0-rc5

v8.12.0-rc5-ee

v8.12.0-rc6

v8.12.0-rc6-ee

v8.12.0-rc7

v8.12.0-rc7-ee

v8.12.0.pre

v8.12.1

v8.12.1-ee

v8.12.2

v8.12.2-ee

v8.12.3-ee

v8.2.0-ee

v8.2.0.rc1

v8.2.0.rc1-ee

v8.2.0.rc2

v8.2.0.rc2-ee

v8.8.0

v8.8.0-ee

v8.8.0-rc1

v8.8.0-rc1-ee

v8.8.0-rc2

v8.8.0-rc2-ee

v8.8.1-ee