Overview
- Description
- An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS.
- Source
- cve@gitlab.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 8.7
- Impact score
- 5.8
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
- Severity
- HIGH
Weaknesses
- cve@gitlab.com
- CWE-79
Social media
- Hype score
- Not currently trending
GitLab CE/EE の脆弱性 CVE-2024-8312/6826 が FIX:XSS/DoS 攻撃の可能性 https://t.co/QRm1ka2Nnn #GitLab #OpenSource #Repository
@iototsecnews
1 Nov 2024
123 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Gitlab fixes CVE-2024-8312 and CVE-2024-6826 #Gitlab #CVE-2024-8312 #CVE-2024-6826 https://t.co/rubXHKvMIo
@pravin_karthik
25 Oct 2024
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴New vulnerability was just published🔴 CVE ➡️ CVE-2024-8312 Impacting ➡️ GitLab CE/EE CVSS ➡️ 8.7 #cve #securitricks #vulnerability #cybersecurity https://t.co/oNVvLzNOuT
@SecuriTricks
24 Oct 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-8312: HIGH] Critical security alert: GitLab CE/EE versions 15.10 to 17.5.1 vulnerable to XSS attacks via Global Search field injection. Update to version 17.5.1 immediately to patch this issue.#cybersecurity,#vulnerability https://t.co/GFU134QZPn https://t.co/7I5iPo2yDB
@CveFindCom
24 Oct 2024
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitLabで高深刻度のクロスサイトスクリプティング脆弱性が修正。CVE-2024-8312はCVSSスコア8.7で、diff表示のグローバル検索部分が脆弱。DoS脆弱性のCVE-2024-6826も修正。 https://t.co/5vQkrQy7rM
@__kokumoto
24 Oct 2024
776 Impressions
3 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes