Zercurity data services
  • Expand groupSummary
  • Applications (0)
  • Packages (0)
  • System updates (0)
  • Operating systems (0)

CVE-2022-3572

Description
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims.
  • Risk: 6
CVSSv3
    CVSSv2

      Raw Object

      {
  "uuid": "45462e57-5559-7d16-455a-470b6c755059",
  "name": "CVE-2022-3572",
  "description": "A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims.",
  "cvss": null,
  "score": 0,
  "severity": "NONE",
  "cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  "score3": 6.1,
  "severity3": "MEDIUM",
  "applications": [],
  "packages": [],
  "updates": [],
  "os": [],
  "risk": 6,
  "created_at": "2022-12-02T12:40:07+00:00",
  "updated_at": "2023-02-01T17:17:00+00:00",
  "deleted_at": null
}