CVE-2022-1948 Report - Details, Severity, & Advisories
Twingate Team
•
Jul 4, 2024
What is CVE-2022-1948?
CVE-2022-1948 is a security vulnerability affecting GitLab versions 15.0 before 15.0.1. This medium to high severity issue involves missing validation of input used in quick actions, allowing attackers to exploit Cross-Site Scripting (XSS) by injecting HTML in contact details. It impacts both GitLab Community and Enterprise editions, posing a risk to systems running these versions.
Who is impacted by this?
CVE-2022-1948 affects GitLab users on versions 15.0 before 15.0.1, including both Community and Enterprise editions. This XSS vulnerability is caused by missing validation of input used in quick actions, allowing attackers to inject HTML in contact details. Users using the quick commands /add_contacts or /remove_contacts in GitLab's Customer Relations feature are particularly at risk.
What to do if CVE-2022-1948 affected you
If you're affected by the CVE-2022-1948 vulnerability, it's crucial to take action to protect your system. To address this issue, follow these simple steps:
Update your GitLab installation to version 15.0.1 or later.
Ensure that HTML special characters in contact names are escaped to prevent code execution.
By taking these measures, you can help safeguard your system against potential XSS attacks.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2022-1948 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This security issue, discovered in GitLab, affects versions starting from 15.0 before 15.0.1 and involves missing validation of input used in quick actions. As a result, attackers can exploit Cross-Site Scripting (XSS) by injecting HTML in contact details. To protect your system, update your GitLab installation to version 15.0.1 or later and ensure that HTML special characters in contact names are escaped.
Weakness Enumeration
The weakness enumeration for this vulnerability is categorized as CWE-79, which involves improper neutralization of input during web page generation, leading to cross-site scripting.
Learn More
For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or refer to the sources listed below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2022-1948 Report - Details, Severity, & Advisories
Twingate Team
•
Jul 4, 2024
What is CVE-2022-1948?
CVE-2022-1948 is a security vulnerability affecting GitLab versions 15.0 before 15.0.1. This medium to high severity issue involves missing validation of input used in quick actions, allowing attackers to exploit Cross-Site Scripting (XSS) by injecting HTML in contact details. It impacts both GitLab Community and Enterprise editions, posing a risk to systems running these versions.
Who is impacted by this?
CVE-2022-1948 affects GitLab users on versions 15.0 before 15.0.1, including both Community and Enterprise editions. This XSS vulnerability is caused by missing validation of input used in quick actions, allowing attackers to inject HTML in contact details. Users using the quick commands /add_contacts or /remove_contacts in GitLab's Customer Relations feature are particularly at risk.
What to do if CVE-2022-1948 affected you
If you're affected by the CVE-2022-1948 vulnerability, it's crucial to take action to protect your system. To address this issue, follow these simple steps:
Update your GitLab installation to version 15.0.1 or later.
Ensure that HTML special characters in contact names are escaped to prevent code execution.
By taking these measures, you can help safeguard your system against potential XSS attacks.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2022-1948 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This security issue, discovered in GitLab, affects versions starting from 15.0 before 15.0.1 and involves missing validation of input used in quick actions. As a result, attackers can exploit Cross-Site Scripting (XSS) by injecting HTML in contact details. To protect your system, update your GitLab installation to version 15.0.1 or later and ensure that HTML special characters in contact names are escaped.
Weakness Enumeration
The weakness enumeration for this vulnerability is categorized as CWE-79, which involves improper neutralization of input during web page generation, leading to cross-site scripting.
Learn More
For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or refer to the sources listed below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2022-1948 Report - Details, Severity, & Advisories
Twingate Team
•
Jul 4, 2024
What is CVE-2022-1948?
CVE-2022-1948 is a security vulnerability affecting GitLab versions 15.0 before 15.0.1. This medium to high severity issue involves missing validation of input used in quick actions, allowing attackers to exploit Cross-Site Scripting (XSS) by injecting HTML in contact details. It impacts both GitLab Community and Enterprise editions, posing a risk to systems running these versions.
Who is impacted by this?
CVE-2022-1948 affects GitLab users on versions 15.0 before 15.0.1, including both Community and Enterprise editions. This XSS vulnerability is caused by missing validation of input used in quick actions, allowing attackers to inject HTML in contact details. Users using the quick commands /add_contacts or /remove_contacts in GitLab's Customer Relations feature are particularly at risk.
What to do if CVE-2022-1948 affected you
If you're affected by the CVE-2022-1948 vulnerability, it's crucial to take action to protect your system. To address this issue, follow these simple steps:
Update your GitLab installation to version 15.0.1 or later.
Ensure that HTML special characters in contact names are escaped to prevent code execution.
By taking these measures, you can help safeguard your system against potential XSS attacks.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2022-1948 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This security issue, discovered in GitLab, affects versions starting from 15.0 before 15.0.1 and involves missing validation of input used in quick actions. As a result, attackers can exploit Cross-Site Scripting (XSS) by injecting HTML in contact details. To protect your system, update your GitLab installation to version 15.0.1 or later and ensure that HTML special characters in contact names are escaped.
Weakness Enumeration
The weakness enumeration for this vulnerability is categorized as CWE-79, which involves improper neutralization of input during web page generation, leading to cross-site scripting.
Learn More
For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or refer to the sources listed below.
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions