CVE-2024-8648

6.1MEDIUM

Key Information

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 14 November 2024

Summary

An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a specially crafted URL.

Refferences

https://gitlab.com/gitlab-org/gitlab/-/issues/486220

https://hackerone.com/reports/2683863

https://about.gitlab.com/releases/2024/11/13/patch-releas...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 14, 2024

Collectors

NVD Database