CVE-2022-1948: 
GitLab vulnerability analysis and mitigation

An issue was discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. The vulnerability involves missing validation of input used in quick actions that allowed attackers to exploit Cross-Site Scripting (XSS) by injecting HTML in contact details (GitLab Release, NVD).

The vulnerability is classified as a high severity issue with a CVSS score of 8.7 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N). The flaw specifically stems from insufficient input validation in the quick actions feature, which could be exploited through HTML injection in contact details (GitLab Release).

If successfully exploited, this vulnerability allows attackers to execute arbitrary JavaScript code in GitLab on a victim's behalf through cross-site scripting attacks (Decipher).

The vulnerability has been patched in GitLab version 15.0.1. Organizations are strongly recommended to upgrade their GitLab installations to this version immediately. GitLab.com is already running the patched version (GitLab Release).

The vulnerability was reported through GitLab's HackerOne bug bounty program by researcher cryptopone, demonstrating the effectiveness of GitLab's security research collaboration program (GitLab Release).