PT-2017-18520 · Gitlab · Gitlab

Published: 2017-05-04 · Updated: 2017-05-15 · CVE-2017-8778

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

GitLab versions prior to 8.14.9
GitLab versions 8.15.x prior to 8.15.6
GitLab versions 8.16.x prior to 8.16.5

Description

A scripting element in an SVG document can be used to exploit an XSS vulnerability. This can occur when the SVG is used as an issue attachment or avatar.

Recommendations

For GitLab versions prior to 8.14.9, update to version 8.14.9 or later.
For GitLab versions 8.15.x prior to 8.15.6, update to version 8.15.6 or later.
For GitLab versions 8.16.x prior to 8.16.5, update to version 8.16.5 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-8778

Affected Products

Gitlab