CVE-2022-4092

CVSS V2 None CVSS V3 None
Description
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.
Overview
  • CVE ID
  • CVE-2022-4092
  • Assigner
  • cve@gitlab.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-26T21:18:06
  • Last Modified Date
  • 2023-02-01T17:30:09
Weakness Enumerations
CWE URL
CWE-74 http://cwe.mitre.org/data/definitions/74.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:gitlab:gitlab:15.6.0:*:*:*:community:*:*:* 1 OR
cpe:2.3:a:gitlab:gitlab:15.6.0:*:*:*:enterprise:*:*:* 1 OR
References
Reference URL Reference Tags
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4092.json
https://gitlab.com/gitlab-org/gitlab/-/issues/383208
https://hackerone.com/reports/1777934
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-4092
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4092
History
Created Old Value New Value Data Type Notes
2023-01-26 23:17:24 Added to TrackCVE
2023-01-27 15:14:53 2023-01-27T14:03:31 CVE Modified Date updated
2023-01-27 15:14:53 Received Awaiting Analysis Vulnerability Status updated
2023-02-01 13:14:17 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-02-01 19:14:27 2023-02-01T17:30:09 CVE Modified Date updated
2023-02-01 19:14:27 Undergoing Analysis Analyzed Vulnerability Status updated
2023-02-01 19:14:29 Weakness Enumeration new
2023-02-01 19:14:30 CPE Information updated