GitLab CE/EE Vulnerability: Stored XSS Flaw Affects All Versions
CVE-2023-6371
Key Information:
Summary
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, and all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.
Affected Version(s)
GitLab (all versions) < 16.8.5
GitLab 16.9 < 16.9.3
GitLab 16.10 < 16.10.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
GitLab Security Flaw Let Attackers Inject Malicious Scripts: Patch Now
GitLab has announced the release of updated versions for both its Community Edition (CE) and Enterprise Edition (EE), addressing critical vulnerabilities that could potentially allow attackers to inject malicious scripts and cause denial of service (DoS) attacks.
9 months ago
Gitlab addresses XSS and DoS vulnerabilities
GitLab has released critical security updates for versions 16.10.1, 16.9.3, and 16.8.5 of its popular Git management software. These patches address vulnerabilities that could expose users to attacks ranging from malicious code execution to system outages. CVE-2023-6371 is a High Severity XSS vulner...
10 months ago
References
CVSS V3.1
Timeline
- Public PoC available
- Exploit known to exist
- First article discovered by TheCyberThrone
- Vulnerability published
- Vulnerability reserved