PT-2024-8666 · Gitlab · Gitlab Ce/Ee+1

Joaxcaron

Published

2024-11-13

Updated

2025-03-10

CVE-2024-8648

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.0 through 17.3.6 GitLab CE/EE versions 17.4.0 through 17.4.3 GitLab CE/EE versions 17.5.0 through 17.5.1

Description The issue allows an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL. This could be exploited by a remote attacker to inject arbitrary JavaScript code.

Recommendations For GitLab CE/EE versions 16.0 through 17.3.6, update to version 17.3.7 or later. For GitLab CE/EE versions 17.4.0 through 17.4.3, update to version 17.4.4 or later. For GitLab CE/EE versions 17.5.0 through 17.5.1, update to version 17.5.2 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2024-10266

BIT-GITLAB-2024-8648

CVE-2024-8648

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2024-8666 · Gitlab · Gitlab Ce/Ee+1

CVE-2024-8648

Weakness Enumeration

Related Identifiers

Affected Products

References · 18