GitLab CE/EE Vulnerability: Stored XSS Flaw Affects All Versions
CVE-2023-6371

8.7 HIGH

Key Information:

Vendor: GitLab

Status: Vendor

CVE Published: 28 March 2024

Badges

👾 Exploit Exists · 🟡 Public PoC · 📰 News Worthy

What is CVE-2023-6371?

A vulnerability in GitLab CE/EE allows for a stored XSS attack through a wiki page containing a specially crafted payload. This security flaw affects all versions prior to 16.8.5, as well as those from 16.9 before 16.9.3 and from 16.10 before 16.10.1. Successful exploitation of this flaw can enable attackers to execute arbitrary actions on behalf of users, potentially compromising user accounts and sensitive data.

Affected Version(s)

GitLab 0.0 < 16.8.5

GitLab 16.9 < 16.9.3

GitLab 16.10 < 16.10.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

GitLab Security Flaw Let Attackers Inject Malicious Scripts: Patch Now

GitLab has announced the release of updated versions for both its Community Edition (CE) and Enterprise Edition (EE), addressing critical vulnerabilities that could potentially allow attackers to inject malicious scripts and cause denial of service (DoS) attacks.

Gitlab addresses XSS and DoS vulnerabilities

GitLab has released critical security updates for versions 16.10.1, 16.9.3, and 16.8.5 of its popular Git management software. These patches address vulnerabilities that could expose users to attacks ranging from malicious code execution to system outages. CVE-2023-6371 is a High Severity XSS vulner...

References

CVSS V3.1

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📰 First article discovered by TheCyberThrone

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program.