CVE-2025-0555

Published: Mar 3, 2025Modified: Mar 7, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions.

Affected (3)

Products: Gitlab: Gitlab

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 16.6.0 to 17.7.6
Gitlab Gitlab	From 17.8.0 to 17.8.4
Gitlab Gitlab	Version 17.9.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/514004

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/2939833

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.