CVE-2022-2904 in Community Edition
Summary
by MITRE • 11/03/2022
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 05/28/2026
The vulnerability identified as CVE-2022-2904 represents a critical cross-site scripting weakness within GitLab Community and Enterprise editions that has significant implications for software development and collaboration platforms. This vulnerability specifically affects versions of GitLab beginning with 15.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1, creating a window of exposure for organizations utilizing these affected releases. The flaw manifests through the external status checks feature, which is designed to integrate with third-party services and provide automated status reporting for merge requests and other GitLab operations. This particular attack vector demonstrates how seemingly legitimate integration features can become entry points for malicious actors seeking to exploit client-side vulnerabilities.
The technical implementation of this vulnerability stems from inadequate input validation and output encoding within the external status checks functionality. When users configure external status checks for their projects, the system processes and displays external status information without proper sanitization of user-controllable data. This oversight allows attackers to inject malicious script code into status check configurations that gets executed whenever legitimate users view the affected pages. The stored nature of this XSS vulnerability means that malicious payloads persist in the system and execute automatically whenever affected users access the relevant project pages, making the attack particularly dangerous as it can affect multiple users over extended periods. This vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws in web applications, where insufficient validation of user inputs leads to malicious scripts being executed in the context of other users.
The operational impact of CVE-2022-2904 extends beyond simple script execution, as it provides attackers with the capability to perform arbitrary actions on behalf of victims within the browser context. This could enable attackers to steal session cookies, modify project configurations, access sensitive information, or even escalate privileges within the GitLab environment. The attack scenario becomes particularly concerning when considering that GitLab serves as a central hub for software development workflows, making it a valuable target for threat actors seeking to gain unauthorized access to development environments. The stored nature of the vulnerability means that attackers need only inject the malicious payload once, after which it can affect all users who view the affected project pages, potentially compromising multiple team members simultaneously. This type of vulnerability directly maps to ATT&CK technique T1531 which focuses on modifying existing programs or system processes to maintain persistent access.
Organizations utilizing GitLab must prioritize immediate remediation through patching to address this vulnerability, with the recommended versions being 15.2.5, 15.3.4, and 15.4.1 respectively. Beyond patching, administrators should implement additional security controls such as monitoring external status check configurations for suspicious entries and conducting regular audits of project settings. The vulnerability highlights the importance of proper input validation and output encoding practices, particularly for features that integrate with external systems. Security teams should also consider implementing content security policies that restrict script execution and limit the potential impact of similar vulnerabilities in other parts of the GitLab application. Regular security assessments of integration points and third-party feature implementations are essential to prevent similar issues from emerging in other areas of the platform, reinforcing the need for comprehensive security testing throughout the software development lifecycle.