Unrated severityNVD Advisory· Published Nov 2, 2022· Updated May 2, 2025
CVE-2022-2904
CVE-2022-2904
Description
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3>=15.2 <15.2.5, >=15.3 <15.3.4, >=15.4 <15.4.1+ 1 more
- (no CPE)range: >=15.2 <15.2.5, >=15.3 <15.3.4, >=15.4 <15.4.1
- (no CPE)range: >=15.4, <15.4.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.