CVE-2022-1175

8.7 HIGH

📋 TL;DR

This vulnerability allows attackers to inject malicious HTML into GitLab notes, leading to cross-site scripting (XSS) attacks. It affects GitLab Community Edition (CE) and Enterprise Edition (EE) installations running vulnerable versions. Any user who can create or edit notes could potentially exploit this vulnerability.

💻 Affected Systems

Products:
  • GitLab Community Edition
  • GitLab Enterprise Edition
Versions: 14.4 to 14.7.6, 14.8.0 to 14.8.4, 14.9.0 to 14.9.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with note functionality enabled are vulnerable. No special configuration required.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect users to malicious sites, or compromise user accounts through stored XSS payloads.

🟠 Likely Case

Attackers inject malicious scripts that steal session tokens or credentials when other users view the compromised notes.

🟢 If Mitigated

With proper input validation and output encoding, the injected HTML would be rendered harmless as plain text.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user authentication with note creation/edit permissions. Public proof-of-concept demonstrates HTML injection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.7.7, 14.8.5, or 14.9.2

Vendor Advisory: https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1175.json

Restart Required: Yes

Instructions:

1. Backup your GitLab instance.
2. Update to GitLab 14.7.7, 14.8.5, or 14.9.2 depending on your current version track.
3. Restart GitLab services.
4. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable note functionality (applies to: all)

Temporarily disable note creation and editing across the GitLab instance.

# Requires GitLab admin access and configuration changes

Content Security Policy (CSP) (applies to: all)

Implement strict CSP headers to reduce the impact of an XSS payload. CSP limits what an injected script can load and do; it does not stop the injection itself, so it is a stopgap until the patch is applied. Test any policy on a staging instance first, since GitLab's own UI depends on scripts and styles that an overly strict policy will block.

# Add to GitLab configuration: Content-Security-Policy: default-src 'self'

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block HTML injection patterns
  • Restrict note creation permissions to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check GitLab version via admin interface or command: sudo gitlab-rake gitlab:env:info

Check Version:

sudo gitlab-rake gitlab:env:info | grep 'GitLab Version'

Verify Fix Applied:

Confirm the running version is 14.7.7 or later (14.7 track), 14.8.5 or later (14.8 track), or 14.9.2 or later (14.9 track), then submit a test note containing markup and confirm it is rendered as plain text rather than interpreted as HTML.
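The version check above, as an added example that is not part of this advisory or of GitLab's own tooling: a Python helper that reads `gitlab-rake gitlab:env:info` output, maps the version onto the affected ranges listed under Affected Systems, and names the release to move to. The layout of the sample output (a `GitLab information` block followed by a `Version:` line) is an assumption; compare it against your own instance before relying on the parser.

```python
import re

# Affected ranges from the advisory (inclusive) and the first patched release
# on that track; 14.4 through 14.6 are served by the 14.7.7 fix.
AFFECTED = [
    ((14, 4, 0), (14, 7, 6), (14, 7, 7)),
    ((14, 8, 0), (14, 8, 4), (14, 8, 5)),
    ((14, 9, 0), (14, 9, 1), (14, 9, 2)),
]

def parse_version(env_info):
    """Pull the GitLab version out of `gitlab-rake gitlab:env:info` output.
    Assumes (layout is an assumption) a 'GitLab information' block followed
    by a 'Version:' line such as '14.8.2-ee'; the edition suffix is ignored."""
    in_gitlab_block = False
    for line in env_info.splitlines():
        if line.strip() == "GitLab information":
            in_gitlab_block = True
        elif in_gitlab_block:
            m = re.match(r"Version:\s*(\d+)\.(\d+)\.(\d+)", line.strip())
            if m:
                return tuple(int(x) for x in m.groups())
    raise ValueError("no GitLab version found in env:info output")

def recommended_fix(version):
    """First patched release for a vulnerable version, or None if not affected."""
    for lo, hi, fix in AFFECTED:
        if lo <= version <= hi:
            return fix
    return None

def is_vulnerable(version):
    return recommended_fix(version) is not None

def assess(env_info):
    """Parse env:info output and report status plus the release to move to."""
    v = parse_version(env_info)
    fix = recommended_fix(v)
    return {"version": ".".join(map(str, v)), "vulnerable": fix is not None,
            "upgrade_to": ".".join(map(str, fix)) if fix else None}

# Constructed sample; a real run prints many more sections and lines. The
# 'GitLab Shell' Version line comes first to show why a bare grep for
# 'Version' would pick up the wrong component.
SAMPLE_ENV_INFO = """System information
GitLab Shell
Version:\t13.24.0
GitLab information
Version:\t14.8.2-ee
"""
```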

📡 Detection & Monitoring

Log Indicators:

  • Unusual note creation patterns
  • HTML/script tags in note content logs
  • Multiple failed XSS attempts

Network Indicators:

  • Unexpected external script loads from note pages
  • Suspicious outbound connections after viewing notes

SIEM Query:

source="gitlab" AND ("note" OR "comment") AND ("script" OR "javascript" OR "onclick" OR "<img")
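The log indicators and SIEM query above, as an added example that is not from the advisory: the same indicators applied as markup-aware patterns over constructed note-event records, so that a comment that merely mentions a script does not fire while a tag or an event-handler attribute does, with a per-user burst count for the "unusual note creation patterns" indicator. The JSON field names (`event`, `user`, `note_id`, `body`) are assumptions, not GitLab's log schema.

```python
import json
import re
from collections import Counter

# Patterns behind the advisory's indicators ("script", "onclick", "<img"),
# anchored on markup syntax so that prose mentioning "script" does not match.
MARKUP_PATTERNS = {
    "html_tag": re.compile(r"<\s*(script|img|iframe|svg|object|embed|a)\b", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "javascript_url": re.compile(r"javascript\s*:", re.I),
}

def classify_note(body):
    """Names of the indicator patterns present in a note body (empty if clean)."""
    return [name for name, pat in MARKUP_PATTERNS.items() if pat.search(body)]

def scan_note_events(lines, burst_threshold=2):
    """One finding per note event whose body carries markup, plus a 'burst'
    finding for any user whose flagged notes reach burst_threshold."""
    findings, per_user = [], Counter()
    for raw in lines:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than abort the scan
        if rec.get("event") not in ("note.create", "note.update"):
            continue
        hits = classify_note(rec.get("body", ""))
        if hits:
            per_user[rec["user"]] += 1
            findings.append({"user": rec["user"], "note_id": rec.get("note_id"),
                             "indicators": hits})
    for user, n in per_user.items():
        if n >= burst_threshold:
            findings.append({"user": user, "indicators": ["burst"], "count": n})
    return findings

# Constructed records (field names assumed); the benign first line contains
# "script" and "description" and must not produce a finding.
SAMPLE_LOG = [
    '{"event":"note.create","user":"alice","note_id":1,"body":"Please rerun the script; the description is on the wiki."}',
    '{"event":"note.create","user":"mallory","note_id":2,"body":"<script>/* placeholder */</script>"}',
    '{"event":"note.update","user":"mallory","note_id":2,"body":"<img src=x onclick=\\"/* placeholder */\\">"}',
    '{"event":"issue.create","user":"mallory","body":"<script>not a note event</script>"}',
    'not json at all',
]
```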
