- Description
- An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS.
- Source
- cve@gitlab.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- cve@gitlab.com
- CWE-79
- Hype score
- Not currently trending
GitLab CE/EE の脆弱性 CVE-2024-8312/6826 が FIX:XSS/DoS 攻撃の可能性 https://t.co/QRm1ka2Nnn #GitLab #OpenSource #Repository
@iototsecnews
1 Nov 2024
123 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Gitlab fixes CVE-2024-8312 and CVE-2024-6826 #Gitlab #CVE-2024-8312 #CVE-2024-6826 https://t.co/rubXHKvMIo
@pravin_karthik
25 Oct 2024
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴New vulnerability was just published🔴 CVE ➡️ CVE-2024-8312 Impacting ➡️ GitLab CE/EE CVSS ➡️ 8.7 #cve #securitricks #vulnerability #cybersecurity https://t.co/oNVvLzNOuT
@SecuriTricks
24 Oct 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-8312: HIGH] Critical security alert: GitLab CE/EE versions 15.10 to 17.5.1 vulnerable to XSS attacks via Global Search field injection. Update to version 17.5.1 immediately to patch this issue.#cybersecurity,#vulnerability https://t.co/GFU134QZPn https://t.co/7I5iPo2yDB
@CveFindCom
24 Oct 2024
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitLabで高深刻度のクロスサイトスクリプティング脆弱性が修正。CVE-2024-8312はCVSSスコア8.7で、diff表示のグローバル検索部分が脆弱。DoS脆弱性のCVE-2024-6826も修正。 https://t.co/5vQkrQy7rM
@__kokumoto
24 Oct 2024
776 Impressions
3 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF0E11FA-689E-468B-B427-8B68AEF145B2",
"versionEndExcluding": "17.3.6",
"versionStartIncluding": "15.10.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0826BB0F-5424-4A9A-81A2-5894EFC218DE",
"versionEndExcluding": "17.3.6",
"versionStartIncluding": "15.10.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D8C07CE-4771-4620-96B3-17EA81B6AAF4",
"versionEndExcluding": "17.4.3",
"versionStartIncluding": "17.4.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F4373294-4C6B-4299-88D3-D3568A285A56",
"versionEndExcluding": "17.4.3",
"versionStartIncluding": "17.4.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:17.5.0:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97618D0B-B13A-4111-A78E-3BCB4F023382"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:17.5.0:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "603F1273-E30C-4EBB-AFEA-6713D273C4F3"
}
],
"operator": "OR"
}
]
}
]