CVE-2022-3513 — Vulnetix

CVE-2022-3513 PUBLISHED

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP.

EPSS 27.49% · 96.5th percentile

Risk Scores

EPSS Score

27.49%

96.5th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	12.8.0, 15.9.0, 15.10.0
Bitnami	gitlab	12.8.0, 15.9.0, 15.10.0

Exploit Intelligence

https://gitlab.com/gitlab-org/gitlab/-/issues/377970 (circl)
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3513.json (circl)
https://hackerone.com/reports/1728015 (bitnami)

Timeline

Jul 1, 2022 CVE Published
Apr 6, 2023 EPSS Score
Mar 17, 2025 EPSS Score
Mar 19, 2025 EPSS Score
Mar 20, 2025 EPSS Score
Mar 24, 2025 EPSS Score
Mar 25, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Apr 3, 2025 CVE Updated
Apr 8, 2025 EPSS Score
Apr 9, 2025 EPSS Score
Apr 13, 2025 EPSS Score

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3513.json url
https://gitlab.com/gitlab-org/gitlab/-/issues/377970 url
https://hackerone.com/reports/1728015 url
https://nvd.nist.gov/vuln/detail/CVE-2022-3513 url

Open in Interactive Console →