CVE-2022-3573 in Community Edition
Summary
by MITRE • 01/12/2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 04/08/2025
The vulnerability identified as CVE-2022-3573 represents a critical cross-site scripting flaw within GitLab Community and Enterprise Edition platforms that affects multiple version ranges including 15.4 through 15.5.6, 15.6 through 15.6.3, and 15.7 through 15.7.1. This issue stems from inadequate input validation mechanisms in the wiki changes page functionality, creating a pathway for malicious actors to inject and execute arbitrary JavaScript code within the context of the victim's browser session. The flaw specifically targets self-hosted GitLab instances that operate without strict Content Security Policy enforcement, making these deployments particularly vulnerable to exploitation.
The technical root cause of this vulnerability aligns with CWE-79, which categorizes cross-site scripting flaws as weaknesses in input validation and output encoding. The improper filtering of query parameters in the wiki changes page allows attackers to manipulate URL parameters in ways that bypass existing security controls. When users navigate to affected wiki pages with maliciously crafted query strings, the application fails to properly sanitize or escape the input before rendering it in the web interface. This creates an environment where JavaScript code embedded within the query parameters executes in the context of other users' sessions, potentially leading to session hijacking, data exfiltration, or further escalation attacks.
The operational impact of CVE-2022-3573 extends beyond simple script execution, as it enables attackers to leverage the trust relationship between the GitLab application and its users. In environments where developers and administrators frequently access wiki pages, an attacker could craft malicious URLs that, when clicked by a victim, execute scripts that steal session cookies, redirect users to phishing sites, or modify repository content. The vulnerability's exploitation becomes particularly dangerous in collaborative development environments where multiple users regularly interact with wiki content, as the attack surface expands to include all users who view the affected pages. This risk is amplified in organizations that do not enforce strict Content Security Policy headers, which would otherwise provide additional protection against such script injection attacks.
Organizations affected by this vulnerability should prioritize immediate remediation through patching to versions 15.5.7, 15.6.4, or 15.7.2, depending on their current GitLab version. Beyond patch management, system administrators should implement strict Content Security Policy headers to provide defense-in-depth measures against similar vulnerabilities. The ATT&CK framework categorizes this type of vulnerability under T1059.007 for Scripting, specifically targeting the execution of malicious code through web-based interfaces. Security teams should also consider implementing web application firewalls to detect and block suspicious query parameter patterns, while monitoring for unusual access patterns in wiki-related functionality. Regular security assessments of web applications should include testing for parameter sanitization and input validation weaknesses to prevent similar vulnerabilities from persisting in the codebase.