Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE - CVE-2022-1940 (rpm)ID: oval:org.secpod.oval:def:82143 | Date: (C)2022-07-15 (M)2023-08-03 |
Class: VULNERABILITY | Family: unix |
The host is installed with GitLab EE 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, or 15.0 prior to 15.0.1 and is prone to a stored cross-site scripting vulnerability. A flaw is present in the application, which fails to handle specially crafted Jira Issues. Successful exploitation allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf.