CVE-2022-1416

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-1416

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1416.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-1416

Aliases

BIT-gitlab-2022-1416

Published

2022-05-19T18:15:09Z

Modified

2024-10-12T09:20:39.481379Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

3a2b273316fb29d63b489906f85d9b5329377258

Fixed

bba387c3128c9725b46e3b9dee0ac3809ca89c40

Affected versions

Other

11-10-0cfa69752d8-0d9531c80-ee

11-10-0cfa69752d8-74ffd66ae-ee

11-10-119f9509d50-6d7537235-ee

v1.*

v1.0.2

v1.1.0pre

v1.2.0

v1.2.0pre

v1.2.1

v1.2.2

v10.*

v10.1.0.pre

v10.2.0.pre

v10.3.0.pre

v10.4.0.pre

v10.5.0.pre

v10.6.0.pre

v10.7.0.pre

v10.8.0.pre

v10.9.0.pre

v11.*

v11.0.0.pre

v11.1.0.pre

v11.2.0.pre

v11.3.0.pre

v14.*

v14.8.0-ee

v14.8.0-rc42-ee

v14.8.1-ee

v14.8.2-ee

v14.8.3-ee

v14.8.4-ee

v14.8.5-ee

v2.*

v2.0.0

v2.1.0

v2.2.0

v2.2.0pre

v2.3.0

v2.3.0pre

v2.3.1

v2.4.0

v2.4.0pre

v2.4.1

v2.5.0

v2.6.0

v2.6.0pre

v2.6.1

v2.6.2

v2.6.3

v2.7.0

v2.7.0pre

v2.8.0

v2.8.0pre

v2.8.1

v2.8.2

v2.9.0

v2.9.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v4.*

v4.0.0

v4.0.0rc1

v4.0.0rc2

v5.*

v5.0.0

v5.1.0

v5.2.0

v5.3.0

v6.*

v6.0.0

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.2.0

v6.2.1

v6.2.2

v6.3.0

v6.3.0-ee

v6.3.1-ee

v6.4.0

v6.4.0-ee

v6.4.0.pre1

v6.4.0.pre2

v6.4.0.pre3

v6.4.1

v6.4.2

v6.4.3

v6.5.0

v6.5.0-ee

v6.5.0.rc1

v6.5.1

v6.6.0

v6.6.0-ee

v6.6.0.pre1

v6.6.0.rc1

v6.6.1

v6.6.2

v6.7.0-ee

v6.7.0.rc1

v6.7.0.rc1-ee

v6.7.1

v6.7.2

v6.8.0

v6.8.0-ee

v6.8.0.rc1

v6.8.1

v6.9.0.rc1

v7.*

v7.0.0

v7.0.0-ee

v7.0.0.rc1

v7.1.0

v7.1.0-ee

v7.1.0.rc1

v7.1.0.rc1-ee

v7.2.0.rc1

v7.2.0.rc1-ee

v7.2.0.rc2

v7.2.0.rc2-ee

v7.2.0.rc3

v7.2.0.rc3-ee

v7.2.0.rc4

v7.2.0.rc4-ee

v7.2.0.rc5

v7.2.0.rc5-ee

v7.3.0

v7.3.0-ee

v7.3.0.rc1

v7.3.0.rc1-ee

v7.4.0

v7.4.0-ee

v7.4.1

v7.4.1-ee

v7.4.2

v7.4.2-ee

v7.4.3

v7.4.3-ee

v7.4.4-ee

v8.*

v8.10.0.pre

v8.11.0

v8.11.0-ee

v8.11.0-rc1

v8.11.0-rc1-ee

v8.11.0-rc2

v8.11.0-rc2-ee

v8.11.0-rc3

v8.11.0-rc3-ee

v8.11.0-rc4

v8.11.0-rc4-ee

v8.11.0-rc5

v8.11.0-rc5-ee

v8.11.0-rc6

v8.11.0-rc6-ee

v8.11.0-rc7

v8.11.0-rc7-ee

v8.11.0.pre

v8.11.1

v8.12.0

v8.12.0-ee

v8.12.0-rc1

v8.12.0-rc1-ee

v8.12.0-rc2

v8.12.0-rc2-ee

v8.12.0-rc3

v8.12.0-rc3-ee

v8.12.0-rc4

v8.12.0-rc4-ee

v8.12.0-rc5

v8.12.0-rc5-ee

v8.12.0-rc6

v8.12.0-rc6-ee

v8.12.0-rc7

v8.12.0-rc7-ee

v8.12.0.pre

v8.12.1

v8.12.1-ee

v8.12.2

v8.12.2-ee

v8.12.3-ee

v8.13.0.pre

v8.14.0.pre

v8.15.0.pre

v8.16.0.pre

v8.17.0.pre

v8.18.0.pre

v8.2.0-ee

v8.2.0.rc1

v8.2.0.rc1-ee

v8.2.0.rc2

v8.2.0.rc2-ee

v8.4.0.rc1

v8.8.0

v8.8.0-ee

v8.8.0-rc1

v8.8.0-rc1-ee

v8.8.0-rc2

v8.8.0-rc2-ee

v8.8.1-ee

v9.*

v9.1.0.pre

v9.2.0.pre

v9.3.0.pre

v9.5.0.pre

v9.6.0.pre