Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-6530

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to render as HTML under specific circumstances.

Published

2024-10-10T12:15:04.500

Last Modified

2024-10-16T16:53:08.487

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gitlab	gitlab	< 17.2.9	Yes
Application	gitlab	gitlab	< 17.2.9	Yes
Application	gitlab	gitlab	< 17.3.5	Yes
Application	gitlab	gitlab	< 17.3.5	Yes
Application	gitlab	gitlab	< 17.4.2	Yes
Application	gitlab	gitlab	< 17.4.2	Yes

References

https://gitlab.com/gitlab-org/gitlab/-/issues/471049 Broken Link ([email protected])
https://hackerone.com/reports/2567533 Permissions Required ([email protected])