Metrics
Affected Vendors & Products
Solution
Upgrade to versions 17.4.2, 17.3.5, 17.2.9 or above.
Workaround
No workaround given by the vendor.
Wed, 16 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
Thu, 10 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 10 Oct 2024 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to render as HTML under specific circumstances. | |
Title | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | |
First Time appeared |
Gitlab
Gitlab gitlab |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitLab
Published:
Updated: 2024-10-10T13:32:29.455Z
Reserved: 2024-07-05T13:01:56.972Z
Link: CVE-2024-6530

Updated: 2024-10-10T13:32:22.923Z

Status : Analyzed
Published: 2024-10-10T12:15:04.500
Modified: 2024-10-16T16:53:08.487
Link: CVE-2024-6530

No data.

No data.