CVE-2023-6371

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions prior to 16.8.5 GitLab CE/EE versions 16.9 through 16.9.2 GitLab CE/EE versions 16.10 through 16.10.0

Description An issue has been discovered in GitLab CE/EE, where a wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. The vulnerability exists due to inadequate protection of the web page structure. Exploitation of the vulnerability may allow a remote attacker to conduct an inter-site scripting (XSS) attack.

Recommendations For GitLab CE/EE versions prior to 16.8.5, update to version 16.8.5 or later. For GitLab CE/EE versions 16.9 through 16.9.2, update to version 16.9.3 or later. For GitLab CE/EE versions 16.10 through 16.10.0, update to version 16.10.1 or later. As a temporary workaround, consider restricting access to wiki pages with crafted payloads to minimize the risk of exploitation.