CVE-2022-4092: 
GitLab vulnerability analysis and mitigation

An HTML content injection vulnerability was discovered in GitLab Enterprise Edition (CVE-2022-4092) affecting all versions from 15.6 before 15.6.1. The vulnerability allowed attackers to create malicious README files due to improper neutralization of user-supplied input (NVD, GitLab Advisory).

The vulnerability stems from a change in how GitLab renders plain text files, specifically in the markup rendering service. The flaw exists in the plain_unsafe method which allows injection of HTML content, although the content is sanitized by Dumpurify via v-safe-html. While sanitization is in place, it still permits certain HTML tags that could be exploited. The vulnerability has been assigned a CVSS v3.1 base score of 8.0 (HIGH) by NVD and 5.7 (MEDIUM) by GitLab Inc., with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow attackers to create deceptive content, particularly by injecting HTML that mimics GitLab's login form. When users enter their credentials into these fake forms, their accounts could be compromised. The impact is particularly significant because README files are loaded by default in the main view of a project, making it easier for attackers to trick users into revealing their credentials (GitLab Issue).

The vulnerability has been fixed in GitLab version 15.6.1. Users are advised to upgrade to this version or later to protect against this vulnerability. The fix involves proper escaping of HTML tags in plain text files (NVD).