VYPR
Unrated severityNVD Advisory· Published Nov 2, 2022· Updated May 2, 2025

CVE-2022-2904

CVE-2022-2904

Description

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • GitLab Inc./GitLabllm-fuzzy2 versions
    >=15.2 <15.2.5, >=15.3 <15.3.4, >=15.4 <15.4.1+ 1 more
    • (no CPE)range: >=15.2 <15.2.5, >=15.3 <15.3.4, >=15.4 <15.4.1
    • (no CPE)range: >=15.4, <15.4.1
  • osv-coords
    Range: >= 15.2.0, < 15.2.5

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.