PT-2018-11286 · Gitlab · Gitlab Ce/Ee+1

Sean Mcgivern

Published

2018-08-03

Updated

2018-10-03

CVE-2018-12605

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions GitLab Community Edition and Enterprise Edition versions 10.7.x through 10.7.5

Description An issue was discovered due to the usage of url for which contained a XSS issue. This was caused by url for allowing arbitrary protocols as a parameter.

Recommendations For GitLab Community Edition and Enterprise Edition versions 10.7.x through 10.7.5, update to version 10.7.6 or later to resolve the issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-12605

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2018-11286 · Gitlab · Gitlab Ce/Ee+1

CVE-2018-12605

Weakness Enumeration

Related Identifiers

Affected Products

References · 6