virus logo Intrusion Prevention

GitLab.Community.and.Enterprise.Edition.Project.Settings.XSS

description-logoDescription

This indicates an attack attempt to exploit a Cross-Site Scipting Vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE).
The vulnerability is due to improper input validation of the deploy key name. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation could result in the execution of script code in the security context of a target user's browser.

affected-products-logoAffected Products

GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) 15.0.x prior to 15.0.4
GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) 15.1.x prior to 15.1.1
GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 14.10.5

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2022-08-16 21.375 Default_action:pass:drop
2022-08-08 21.369
ID 51931
Created Jul 28, 2022
Updated Aug 15, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2022-2230
Exploit Prediction Score 0.11%
Default Action drop
Active
Affected OS Linux
Affected App Other