A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/458236 | Broken Link |
https://hackerone.com/reports/2473917 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
29 Aug 2024, 15:46
Type | Values Removed | Values Added |
---|---|---|
First Time |
Gitlab gitlab
Gitlab |
|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/458236 - Broken Link | |
References | () https://hackerone.com/reports/2473917 - Permissions Required | |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
08 Aug 2024, 13:04
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
08 Aug 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-08 11:15
Updated : 2024-09-18 12:41
NVD link : CVE-2024-4207
Mitre link : CVE-2024-4207
CVE.ORG link : CVE-2024-4207
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')