UBUNTU-CVE-2022-3486

Source
https://ubuntu.com/security/CVE-2022-3486
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3486.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-3486
Related
Published
2022-11-09T23:15:00Z
Modified
2022-11-09T23:15:00Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL.

References

Affected packages

Ubuntu:Pro:16.04:LTS / gitlab

Package

Name
gitlab
Purl
pkg:deb/ubuntu/gitlab?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.4.3+dfsg-9
8.4.3+dfsg-12
8.5.8+dfsg-5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}