Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2022-1416

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling

  • Published: May 19, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-1416
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.4
  • AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 3.5
  • AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
gitlab / gitlab 14.10.0 14.10.0.x
gitlab / gitlab 14.9.0 14.9.4
gitlab / gitlab 1.0.2 14.8.6