An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/468937 | Broken Link |
https://hackerone.com/reports/2542483 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
23 Aug 2024, 17:01
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Gitlab
Gitlab gitlab |
|
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* |
|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/468937 - Broken Link | |
References | () https://hackerone.com/reports/2542483 - Permissions Required |
08 Aug 2024, 13:04
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
08 Aug 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-08 10:15
Updated : 2024-08-23 17:01
NVD link : CVE-2024-6329
Mitre link : CVE-2024-6329
CVE.ORG link : CVE-2024-6329
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-116
Improper Encoding or Escaping of Output