CVE-2022-3288

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-3288

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3288.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-3288

Aliases

BIT-gitlab-2022-3288

Downstream

UBUNTU-CVE-2022-3288

Published

2022-10-17T00:00:00Z

Modified

2026-04-24T12:06:59.625583Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.

Database specific

{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3288.json"
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

abbda55531f0a9d630eee1dcf2305ca499c94116

Fixed

7b2ed8f038f6184c0485cdae8d97c9f579454ffc

Affected versions

v15.*

v15.4.0-ee

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3288.json"