CVE-2024-3092

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.
Configurations

No configuration.

History

12 Apr 2024, 12:43

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde 16.9 anteriores a 16.9.4, todas las versiones desde 16.10 anteriores a 16.10.2. Una carga útil puede generar un XSS almacenado mientras se usa el visor de diferencias, lo que permite a los atacantes realizar acciones arbitrarias en nombre de las víctimas.

12 Apr 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-12 01:15

Updated : 2024-04-12 12:43


NVD link : CVE-2024-3092

Mitre link : CVE-2024-3092

CVE.ORG link : CVE-2024-3092


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')