An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 12 Dec 2024 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled. | |
Title | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | |
First Time appeared |
Gitlab
Gitlab gitlab |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-12-12T12:03:04.799Z
Updated: 2024-12-12T15:44:09.211Z
Reserved: 2024-08-26T15:01:57.308Z
Link: CVE-2024-8179
Vulnrichment
Updated: 2024-12-12T15:21:08.750Z
NVD
Status : Received
Published: 2024-12-12T12:15:27.937
Modified: 2024-12-12T12:15:27.937
Link: CVE-2024-8179
Redhat
No data.