Candidate: CVE-2022-0124
PublicDate: 2022-01-18 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0124
 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0124.json
 https://gitlab.com/gitlab-org/gitlab/-/issues/340176
 https://hackerone.com/reports/1310778
Description:
 An issue has been discovered affecting GitLab versions prior to 14.4.5,
 between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack
 integration is incorrectly validating user input and allows to craft
 malicious URLs that are sent to slack.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [4.3 MEDIUM]


Patches_gitlab:
upstream_gitlab: needs-triage
trusty_gitlab: ignored (out of standard support)
xenial_gitlab: ignored (out of standard support)