CVE-2022-1190
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in GitLab allows attackers to inject malicious scripts into issue descriptions, comments, and other user-generated content by exploiting improper handling of multi-word milestone references. When other users view the compromised content, the scripts execute in their browsers, potentially stealing credentials, session tokens, or performing unauthorized actions. Affected users include all GitLab CE/EE instances running vulnerable versions.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, hijack user sessions, deploy ransomware, or pivot to internal network systems through authenticated users' browsers.
Likely Case
Attackers steal user session cookies and authentication tokens to gain unauthorized access to repositories, pipelines, and sensitive data.
If Mitigated
With proper input validation and output encoding, malicious scripts are neutralized before execution, preventing exploitation.
🎯 Exploit Status
Exploitation requires at least contributor-level access to create or edit issues/comments. Public proof-of-concept demonstrates the injection technique.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 14.7.7, 14.8.5, or 14.9.2
Vendor Advisory: https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1190.json
Restart Required: Yes
Instructions:
1. Back up your GitLab instance.
2. Update to GitLab 14.7.7, 14.8.5, or 14.9.2, depending on your current release branch.
3. Restart GitLab services.
4. Verify that the update completed successfully.
🔧 Temporary Workarounds
Disable user-generated content features
Temporarily disable issue creation, comments, and other user input features until patching is complete.
gitlab-rails console
Feature.disable(:issues)
Feature.disable(:notes)
Implement WAF rules
Configure the web application firewall to block XSS payloads in milestone references.
🧯 If You Can't Patch
- Restrict user permissions to prevent contributors from creating or editing issues/comments
- Implement Content Security Policy (CSP) headers to mitigate script execution impact
🔍 How to Verify
Check if Vulnerable:
Check GitLab version via admin interface or command: sudo gitlab-rake gitlab:env:info
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'GitLab version'
Verify Fix Applied:
Confirm the installed version is at or above the fix for its release branch: 14.7.7 on 14.7, 14.8.5 on 14.8, 14.9.2 on 14.9, or any later release. Test that multi-word milestone references in issues and comments are sanitized when rendered.
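An added example, not from the advisory or from GitLab, that automates the check above: it parses the output of the page's `gitlab-rake gitlab:env:info` command and decides per release branch. It assumes the output carries the release on a `Version:` line under a `GitLab information` heading (adjust `find_gitlab_version` if yours differs), assumes branches after 14.9 carry the fix, and flags branches older than 14.7, which this page does not cover, for manual review against the vendor advisory.

```python
import re
import subprocess

# Fixed releases named on this page, keyed by release branch.
FIXED_BY_BRANCH = {(14, 7): (14, 7, 7), (14, 8): (14, 8, 5), (14, 9): (14, 9, 2)}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first x.y.z in text (e.g. '14.8.3-ee') as an int tuple."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())


def assess(version):
    """'fixed' if at or past the patch for its branch (or on a later branch,
    assumed to carry the fix), 'vulnerable' if below it, 'review' for branches
    the page does not list (older than 14.7): check the vendor advisory."""
    branch = version[:2]
    if branch in FIXED_BY_BRANCH:
        return "fixed" if version >= FIXED_BY_BRANCH[branch] else "vulnerable"
    return "fixed" if branch > max(FIXED_BY_BRANCH) else "review"


def find_gitlab_version(env_info_text):
    """Locate the GitLab release in `gitlab-rake gitlab:env:info` output.
    Assumed layout: a 'GitLab information' section whose 'Version:' line holds
    the release; a 'GitLab version: x.y.z' line is accepted as well. Other
    'Version:' lines (Ruby, Gem, Redis, ...) come before that section and are skipped."""
    in_gitlab_section = False
    for line in env_info_text.splitlines():
        if line.strip() == "GitLab information":
            in_gitlab_section = True
        elif line.startswith("GitLab version") or (in_gitlab_section and line.startswith("Version:")):
            return parse_version(line)
    raise ValueError("GitLab version not found in env:info output")


def assess_installed():
    """Run the page's check command on this host and assess the result."""
    out = subprocess.run(["sudo", "gitlab-rake", "gitlab:env:info"],
                         capture_output=True, text=True, check=True).stdout
    return assess(find_gitlab_version(out))


if __name__ == "__main__":
    print(assess_installed())
```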
📡 Detection & Monitoring
Log Indicators:
- Unusual patterns in milestone references in issue/comment logs
- Multiple failed XSS attempts in web server logs
Network Indicators:
- Unexpected outbound connections from GitLab server after viewing user content
- Suspicious JavaScript payloads in HTTP requests
SIEM Query:
source="gitlab.log" AND "milestone" AND ("script" OR "javascript:" OR "onerror=" OR "onload=")
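An added example, not from the page or from GitLab, that applies the detection idea behind the SIEM query above to log records: it flags multi-word (quoted) milestone references whose text carries a script marker, rather than matching the markers anywhere in the line. It assumes a production_json.log-style JSON record with a `params` array; the sample records are constructed, not real GitLab output.

```python
import json
import re

# Quoted, multi-word milestone reference: the construct the advisory names.
MILESTONE_REF = re.compile(r'%"([^"]*)"')
# Script markers from the page's SIEM query, generalised to any on*= handler.
MARKERS = re.compile(r"javascript:|<\s*script|\bon[a-z]+\s*=", re.I)


def string_values(node):
    """Yield every string nested anywhere in a parsed JSON value."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        yield from (s for v in node.values() for s in string_values(v))
    elif isinstance(node, list):
        yield from (s for v in node for s in string_values(v))


def suspicious_refs(log_line):
    """Return the quoted milestone references in one JSON log line (assumed
    production_json.log layout) whose text contains a script marker."""
    try:
        rec = json.loads(log_line)
    except ValueError:
        return []  # non-JSON line: nothing to inspect
    return [ref for text in string_values(rec.get("params", []))
            for ref in MILESTONE_REF.findall(text) if MARKERS.search(ref)]


def scan(lines):
    """Map (username, path) of each flagged record to its suspicious references."""
    findings = {}
    for line in lines:
        refs = suspicious_refs(line)
        if refs:
            rec = json.loads(line)
            findings[(rec.get("username"), rec.get("path"))] = refs
    return findings


# Constructed sample records (not real GitLab output); the second carries a
# placeholder event handler inside a quoted milestone reference.
SAMPLE = [
    '{"time":"2022-03-30T10:01:00Z","username":"alice","method":"POST","path":"/group/proj/-/issues",'
    '"params":[{"key":"issue","value":{"title":"Login bug","description":"Blocks %\\"Sprint 7\\" and %123"}}]}',
    '{"time":"2022-03-30T10:02:00Z","username":"mallory","method":"POST","path":"/group/proj/-/issues/4/notes",'
    '"params":[{"key":"note","value":{"note":"see %\\"Sprint 7 <img onerror=PLACEHOLDER>\\""}}]}',
    "not json at all",
]
```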
🔗 References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1190.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/352392
- https://hackerone.com/reports/1455036