GitLab XSS Vulnerability Affects Sensitive User Information

CVE-2024-4835

8HIGH

Key Information

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 23 May 2024

Badges

📰 News Worthy

Summary

A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.

Affected Version(s)

GitLab < 16.10.6

GitLab < 16.11.3

GitLab < 17.0.1

News Articles

Security-Insider

CVE-2024-4835

GitLab Sicherheitsupdates: CVE-2024-4835 Cross-Site-Scripting Lücke behoben

GitLab veröffentlicht wichtige Sicherheitsupdates, um CVE-2024-4835 Cross-Site-Scripting Schwachstelle und weitere Lücken zu schließen. Admins sollten sofort aktualisieren.

3 months ago

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

First article discovered by Security-Insider
Jul 15, 2024
Vulnerability published.
May 23, 2024
Vulnerability Reserved.
May 13, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)

Credit

Thanks [matanber](https://hackerone.com/matanber) for reporting this vulnerability through our HackerOne bug bounty program