vulnerability

Gitlab Gitlab: CVE-2022-2250: URL Redirection to Untrusted Site

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Jul 1, 2022

Added

Apr 22, 2025

Modified

Mar 25, 2026

Description

An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.

Solution

gitlab-gitlab-upgrade-latest

References

CWE-601
CVE-2022-2250
https://attackerkb.com/topics/CVE-2022-2250
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2250.json
https://gitlab.com/gitlab-org/gitlab/-/issues/355509
https://hackerone.com/reports/1506126
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-34528

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report