vulnerability

Gitlab Gitlab: CVE-2022-3288: Modification of Assumed-Immutable Data (MAID)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	Oct 17, 2022	Apr 22, 2025	Sep 18, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Oct 17, 2022

Added

Apr 22, 2025

Modified

Sep 18, 2025

Description

A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.

Solution

gitlab-gitlab-upgrade-latest

References

CWE-471
CVE-2022-3288
https://attackerkb.com/topics/CVE-2022-3288
URL-https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3288.json
URL-https://gitlab.com/gitlab-org/gitlab/-/issues/354948
URL-https://hackerone.com/reports/1498354

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today