A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/455318 | Broken Link |
https://gitlab.com/gitlab-org/gitlab/-/issues/455318 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.7 |
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/455318 - Broken Link |
26 Aug 2024, 16:07
Type | Values Removed | Values Added |
---|---|---|
First Time |
Gitlab gitlab
Gitlab |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:7.2.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:7.2.0:*:*:*:enterprise:*:*:* |
|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/455318 - Broken Link | |
Summary |
|
25 Jul 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-25 01:15
Updated : 2024-11-21 09:50
NVD link : CVE-2024-7047
Mitre link : CVE-2024-7047
CVE.ORG link : CVE-2024-7047
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')