CVE-2024-7047

Published: Jul 25, 2024Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 16.6.0 to 17.0.5
Gitlab Gitlab	From 17.1.0 to 17.1.3
Gitlab Gitlab	From 16.6.0 to 17.0.5
Gitlab Gitlab	From 17.1.0 to 17.1.3
Gitlab Gitlab	Version 7.2.0
Gitlab Gitlab	Version 7.2.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/455318

Source: cve@gitlab.com

Broken Link

https://gitlab.com/gitlab-org/gitlab/-/issues/455318

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.