CVE-2022-2250
MEDIUM
GitLab 11.1-14.10.5 15.0-15.0.4 15.1-15.1.1 - Open Redirect
Title source: llm
Description
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.
References (3)
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/355509
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1506126
Vendor Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2250.json
Scores
CVSS v3
4.7
EPSS
0.0027
EPSS Percentile
50.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (3)
gitlab/gitlab
15.1.0 (2 CPE variants)
gitlab/gitlab
11.1.0 - 14.0.5
gitlab/gitlab
11.1.0 - 14.10.5
Published
Jul 01, 2022
Tracked Since
Feb 18, 2026