CVE-2023-1836

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

History

09 May 2023, 20:12

Type Values Removed Values Added
CWE CWE-79
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
First Time Gitlab
Gitlab gitlab
References (MISC) https://hackerone.com/reports/1923293 - (MISC) https://hackerone.com/reports/1923293 - Permissions Required
References (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/404613 - (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/404613 - Broken Link
References (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1836.json - (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1836.json - Third Party Advisory

03 May 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-03 21:15

Updated : 2023-12-10 15:01


NVD link : CVE-2023-1836

Mitre link : CVE-2023-1836

CVE.ORG link : CVE-2023-1836


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')