An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/408281 | Broken Link Vendor Advisory |
https://hackerone.com/reports/1935628 | Third Party Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/408281 | Broken Link Vendor Advisory |
https://hackerone.com/reports/1935628 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/408281 - Broken Link, Vendor Advisory | |
References | () https://hackerone.com/reports/1935628 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.1 |
03 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-116 |
20 Jul 2023, 20:36
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
|
References | (MISC) https://hackerone.com/reports/1935628 - Third Party Advisory | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/408281 - Broken Link, Vendor Advisory | |
First Time |
Gitlab
Gitlab gitlab |
|
CWE | CWE-79 |
13 Jul 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-13 03:15
Updated : 2024-11-21 07:58
NVD link : CVE-2023-2200
Mitre link : CVE-2023-2200
CVE.ORG link : CVE-2023-2200
JSON object : View
Products Affected
gitlab
- gitlab