GitLab XSS Vulnerability Affects Sensitive User Information
CVE-2024-4835
Key Information:
Badges
Summary
A Cross-Site Scripting (XSS) vulnerability has been identified in GitLab, affecting multiple versions prior to 16.10.6, 16.11.3, and 17.0.1. Exploitation of this flaw allows attackers to create malicious web pages that can extract sensitive user data. By manipulating the XSS condition, adversaries can potentially gain access to credentials and other private information from unaware users accessing the compromised pages.
Affected Version(s)
GitLab 15.11 < 16.10.6
GitLab 16.11 < 16.11.3
GitLab 17.0 < 17.0.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Security-InsiderCVE-2024-4835GitLab Sicherheitsupdates: CVE-2024-4835 Cross-Site-Scripting Lücke behoben
GitLab veröffentlicht wichtige Sicherheitsupdates, um CVE-2024-4835 Cross-Site-Scripting Schwachstelle und weitere Lücken zu schließen. Admins sollten sofort aktualisieren.
6 months ago
References
CVSS V3.1
Timeline
- 📰
First article discovered by Security-Insider
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved