PT-2024-5204 · Gitlab · Gitlab Ce/Ee+1

Author: Joern Schneeweisz · Published: 2024-07-24 · Updated: 2024-08-26

CVE-2024-7047

CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
GitLab CE/EE versions 16.6 through 17.0.4
GitLab CE/EE versions 17.1 through 17.1.2
GitLab CE/EE versions 17.2 through 17.2.0

Description: A cross-site scripting issue exists that allows an attacker to execute arbitrary scripts in the context of the currently logged-in user. The cause is inadequate protection of the web page structure. Exploitation of this issue can enable a remote attacker to execute arbitrary code.

Recommendations:
For GitLab CE/EE versions 16.6 through 17.0.4, update to version 17.0.5 or later.
For GitLab CE/EE versions 17.1 through 17.1.2, update to version 17.1.3 or later.
For GitLab CE/EE versions 17.2 through 17.2.0, update to version 17.2.1 or later.

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

BDU:2024-05761
BIT-GITLAB-2024-7047
CVE-2024-7047

Affected Products

Gitlab
Gitlab Ce/Ee