CVE-2018-14605

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 03:49

Type Values Removed Values Added
References () https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/ - Release Notes, Vendor Advisory () https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/ - Release Notes, Vendor Advisory
References () https://gitlab.com/gitlab-org/gitlab-ce/issues/47793 - Vendor Advisory () https://gitlab.com/gitlab-org/gitlab-ce/issues/47793 - Vendor Advisory

Information

Published : 2018-07-27 02:29

Updated : 2024-11-21 03:49


NVD link : CVE-2018-14605

Mitre link : CVE-2018-14605

CVE.ORG link : CVE-2018-14605


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')