CVE-2022-3486

MEDIUM

GitLab 9.3-15.3.5, 15.4-15.4.4, 15.5-15.5.2 - Open Redirect


Description

An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL.

Scores

CVSS v3: 4.7
EPSS: 0.0038
EPSS Percentile: 59.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-601
Status: published
Products (1): gitlab/gitlab 9.4.0 - 15.3.5 (2 CPE variants)
Published: Nov 09, 2022
Tracked Since: Feb 18, 2026