A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to render as HTML under specific circumstances.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/471049 | Broken Link |
https://hackerone.com/reports/2567533 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
16 Oct 2024, 16:53
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/471049 - Broken Link | |
References | () https://hackerone.com/reports/2567533 - Permissions Required | |
Summary |
|
|
First Time |
Gitlab
Gitlab gitlab |
10 Oct 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-10 12:15
Updated : 2024-10-16 16:53
NVD link : CVE-2024-6530
Mitre link : CVE-2024-6530
CVE.ORG link : CVE-2024-6530
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')