PT-2024-5591 · Gitlab · Gitlab
Joaxcaron · Published 2024-04-25 · Updated 2024-09-18 · CVE-2024-4207

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
GitLab versions 5.1 through 17.0.6
GitLab versions 17.1 through 17.1.4
GitLab versions 17.2 through 17.2.2
Description
A cross-site scripting issue exists because content is not adequately neutralized before it is placed into the web page structure. A remote attacker can exploit it to conduct an XSS attack by supplying a specially crafted XML file. The issue arises when an XML file stored in a repository is viewed in raw mode: under specific circumstances the file is rendered as HTML instead of being served as plain content.
Recommendations
For versions 5.1 through 17.0.6, update to a version after 17.0.6 to resolve the issue.
For versions 17.1 through 17.1.4, update to a version after 17.1.4 to resolve the issue.
For versions 17.2 through 17.2.2, update to a version after 17.2.2 to resolve the issue.
As a temporary workaround, consider restricting access to viewing XML files in raw mode until the fixed version can be deployed.

Tags: Exploit, Fix, XSS

Related Identifiers

BDU:2024-06277
BIT-GITLAB-2024-4207
CVE-2024-4207

Affected Products

Gitlab