CVE-2024-6530

Name of the Vulnerable Software and Affected Versions GitLab versions 17.1 through 17.2.9 GitLab versions 17.3 through 17.3.5 GitLab versions 17.4 through 17.4.2

Description A cross-site scripting issue has been discovered in GitLab. The issue is related to the lack of protection of the web page structure, which can allow a remote attacker to conduct an XSS attack. When adding or authorizing an application, it can be made to render as HTML under specific circumstances.

Recommendations For GitLab versions 17.1 through 17.2.9, update to version 17.2.9 or later to resolve the issue. For GitLab versions 17.3 through 17.3.5, update to version 17.3.5 or later to resolve the issue. For GitLab versions 17.4 through 17.4.2, update to version 17.4.2 or later to resolve the issue. As a temporary workaround, consider restricting the rendering of HTML when adding or authorizing applications to minimize the risk of exploitation.