PT-2019-9856 · Gitlab · Gitlab Ce/Ee+1
Fransrosen
·
Published
2019-07-10
·
Updated
2023-03-01
·
CVE-2018-19573
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 10.3 through 11.5 before 11.5.1
GitLab CE/EE version 11.4 before 11.4.8
GitLab CE/EE version 11.3 before 11.3.11
Description
The issue is related to an XSS vulnerability in Markdown fields via Mermaid.
Recommendations
For GitLab CE/EE versions 10.3 through 11.3 before 11.3.11, update to version 11.3.11 or later.
For GitLab CE/EE version 11.4 before 11.4.8, update to version 11.4.8 or later.
For GitLab CE/EE version 11.5 before 11.5.1, update to version 11.5.1 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee