PT-2024-23669 · Gitlab · Gitlab Ce/Ee+1
Yvvdwfon
·
Published
2024-04-10
·
Updated
2024-12-11
·
CVE-2024-3092
CVSS v3.1
8.7
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 16.9 through 16.9.3
GitLab CE/EE versions 16.10 through 16.10.1
Description
An issue has been discovered in GitLab CE/EE that may lead to a Stored XSS while using the diff viewer. This allows attackers to perform arbitrary actions on behalf of victims.
Recommendations
For GitLab CE/EE versions 16.9 through 16.9.3, update to version 16.9.4 or later.
For GitLab CE/EE versions 16.10 through 16.10.1, update to version 16.10.2 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee