CVE-2022-0124
MEDIUM
GitLab <14.4.5, 14.5.0-14.5.3, 14.6.0-14.6.1 - Open Redirect
Title source: llm
Description
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab's Slack integration incorrectly validates user input, which allows malicious URLs to be crafted and sent to Slack.
References (3)
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/340176
Permissions Required x_refsource_misc
https://hackerone.com/reports/1310778
Third Party Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0124.json
Scores
CVSS v3
4.3
EPSS
0.0027
EPSS Percentile
50.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-116
Status
published
Products (1)
gitlab/gitlab
< 14.4.5 (2 CPE variants)
Published
Jan 18, 2022
Tracked Since
Feb 18, 2026