An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/408281 | Broken Link Vendor Advisory |
https://hackerone.com/reports/1935628 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
03 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-116 |
20 Jul 2023, 20:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
|
First Time |
Gitlab
Gitlab gitlab |
|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
References | (MISC) https://hackerone.com/reports/1935628 - Third Party Advisory | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/408281 - Broken Link, Vendor Advisory |
13 Jul 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-13 03:15
Updated : 2024-10-03 07:15
NVD link : CVE-2023-2200
Mitre link : CVE-2023-2200
CVE.ORG link : CVE-2023-2200
JSON object : View
Products Affected
gitlab
- gitlab