CVE-2022-2428 in Enterprise Editioninfo

Summary

by MITRE • 10/17/2022

A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 05/25/2026

The vulnerability identified as CVE-2022-2428 represents a critical server-side request forgery flaw within GitLab's Jupyter Notebook viewer functionality. This issue affects both GitLab Enterprise Edition and Community Edition across multiple version ranges including all versions prior to 15.1.6, versions 15.2 through 15.2.4, and versions 15.3 through 15.3.2. The vulnerability stems from inadequate input validation and sanitization mechanisms within the notebook viewer component that processes user-provided tags and metadata. Attackers can exploit this weakness by crafting malicious tags that contain specially formatted HTTP requests, which are then executed by the GitLab server when rendering notebooks in the viewer interface.

The technical exploitation of this vulnerability occurs through the manipulation of notebook metadata fields that are processed by the Jupyter viewer component. When GitLab renders a notebook containing crafted tags, the system fails to properly validate or sanitize the tag content before processing HTTP requests. This allows an attacker to inject malicious HTTP requests that can target internal network services, external systems, or even the GitLab server itself. The flaw essentially enables attackers to perform unauthorized network operations from the GitLab server's perspective, bypassing normal network security controls and access restrictions. This type of vulnerability falls under CWE-918, which specifically addresses server-side request forgery issues where attackers can manipulate server-side operations through crafted input.

The operational impact of CVE-2022-2428 extends beyond simple unauthorized access, as it can enable attackers to perform reconnaissance activities against internal systems, exfiltrate sensitive data, or even escalate privileges within the GitLab environment. The vulnerability is particularly dangerous in enterprise environments where GitLab instances may have access to internal networks and sensitive systems. An attacker could potentially use this flaw to access internal APIs, databases, or other services that are normally protected by network segmentation. The attack vector is particularly concerning because it requires minimal privileges to exploit and can be executed through standard notebook sharing mechanisms, making it difficult to detect and prevent. According to ATT&CK framework, this vulnerability maps to T1190 - Exploit Public-Facing Application and T1071.004 - Application Layer Protocol: DNS, as the exploitation can occur through standard web application interfaces and may involve DNS resolution of malicious domains.

Mitigation strategies for this vulnerability require immediate patching of affected GitLab instances to versions 15.1.6 or later, 15.2.5 or later, or 15.3.3 or later, depending on the specific version in use. Organizations should also implement network-level restrictions to prevent unauthorized outbound connections from GitLab servers, particularly to internal services that should not be accessible from the web application layer. Additional defensive measures include monitoring for unusual HTTP requests originating from GitLab servers, implementing web application firewalls to detect and block suspicious tag content, and conducting thorough security reviews of notebook sharing and rendering components. Access controls should be strengthened to limit who can upload or share notebooks that may contain malicious content, and regular security assessments should be performed to identify similar vulnerabilities in other components of the GitLab platform. The vulnerability also highlights the importance of validating all user-provided content in web applications and implementing proper input sanitization mechanisms to prevent injection attacks.

Responsible

GitLab Inc.

Reservation

07/15/2022

Disclosure

10/17/2022

Moderation

accepted

CPE

ready

EPSS

0.00754

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!