Vulnerability Monitor

CVE-2024-10383


An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN, affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3, and which also temporarily affected versions 17.4, 17.5 and 17.6, where an XSS attack was possible when loading .ipynb files in the Web IDE.


Published

2025-02-07T15:15:16.703

Last Modified

2025-08-14T19:24:54.723

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.7 (HIGH)

Weaknesses
  • Type: Primary
    CWE-79

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application gitlab gitlab < 17.3.0 Yes
Application gitlab gitlab < 17.3.0 Yes
Application gitlab gitlab 17.4.0 Yes
Application gitlab gitlab 17.4.0 Yes
Application gitlab gitlab 17.5.0 Yes
Application gitlab gitlab 17.5.0 Yes
Application gitlab gitlab 17.6.0 Yes
Application gitlab gitlab 17.6.0 Yes
