PT-2025-9086 · Gitlab · Gitlab Ce/Ee

Published

2025-02-28

Updated

2025-03-07

CVE-2024-8186

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.6 through 17.7.5 GitLab CE/EE versions 17.8 through 17.8.3 GitLab CE/EE versions 17.9 through 17.9.0

Description An issue has been discovered in GitLab CE/EE where an attacker could inject HTML into the child item search, potentially leading to XSS in certain situations.

Recommendations For versions 16.6 through 17.7.5, update to version 17.7.6 or later. For versions 17.8 through 17.8.3, update to version 17.8.4 or later. For versions 17.9 through 17.9.0, update to version 17.9.1 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2025-02583

BIT-GITLAB-2024-8186

CVE-2024-8186

Affected Products

Gitlab Ce/Ee

PT-2025-9086 · Gitlab · Gitlab Ce/Ee

CVE-2024-8186

Weakness Enumeration

Related Identifiers

Affected Products

References · 12