CVE-2022-1190

Published: 04/04/2022 Updated: 11/04/2022
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Improper handling of user input in GitLab CE/EE versions 8.3 before 14.7.7, 14.8 before 14.8.5, and 14.9 before 14.9.2 allowed a malicious user to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.

Vulnerable Product

Vendor: gitlab | Product: gitlab

Recent Articles

GitLab issues critical update after hard-coding passwords into accounts
The Register • Thomas Claburn in San Francisco • 01 Jan 1970

Fixed passphrases for OmniAuth users not such a great idea

GitLab on Thursday issued security updates for three versions of GitLab Community Edition (CE) and Enterprise Edition (EE) software that address, among other flaws, a critical hard-coded password bug. The cloud-hosted software version control service released versions 14.9.2, 14.8.5, and 14.7.7 of its self-hosted CE and EE software, fixing one "critical" security vulnerability (CVE-2022-1162), as well as two rated "high," nine rated "medium," and four rated "low." "A hard-coded password was set ...