GitLab CE/EE Vulnerability: Stored XSS Flaw Affects All Versions

CVE-2023-6371

8.7HIGH

Key Information

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 28 March 2024

Badges

📰 News Worthy

Summary

An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.

Affected Version(s)

GitLab < 16.8.5

GitLab < 16.9.3

GitLab < 16.10.1

News Articles

CybersecurityNews

CVE-2023-6371CVE-2024-2818

GitLab Security Flaw Let Attackers Inject Malicious Scripts: Patch Now

GitLab has announced the release of updated versions for both its Community Edition (CE) and Enterprise Edition (EE), addressing critical vulnerabilities that could potentially allow attackers to inject malicious scripts and cause denial of service (DoS) attacks.

7 months ago

TheCyberThrone

CVE-2023-6371

Gitlab addresses XSS and DoS vulnerabilities

GitLab has released critical security updates for versions 16.10.1, 16.9.3, and 16.8.5 of its popular Git management software. These patches address vulnerabilities that could expose users to attacks ranging from malicious code execution to system outages. CVE-2023-6371 is a High Severity XSS vulner...

7 months ago

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

First article discovered by TheCyberThrone
Mar 28, 2024
Vulnerability published.
Mar 28, 2024
Vulnerability Reserved.
Nov 28, 2023

Collectors

NVD DatabaseMitre Database2 News Article(s)

Credit

Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program