PT-2021-6533 · Gitlab · Gitlab Ce/Ee+1
Saleemrashid · Published 2021-08-25 · Updated 2024-03-06 · CVE-2021-22242
CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 11.4 and up
Description
The issue stems from insufficient input sanitization in GitLab's Mermaid markdown rendering, which allows a remote attacker to exploit a stored cross-site scripting (XSS) vulnerability via specially crafted markdown. This can impact the integrity of data.
Recommendations
For GitLab CE/EE versions 11.4 and up, consider disabling the Mermaid markdown feature until a patch is available, to prevent exploitation of the stored cross-site scripting vulnerability. Restrict access to markdown editing to minimize the risk of malicious input.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee