An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/407783 | Broken Link |
https://hackerone.com/reports/1940598 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
04 Aug 2023, 19:10
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/407783 - Broken Link | |
References | (MISC) https://hackerone.com/reports/1940598 - Permissions Required | |
CWE | CWE-79 | |
First Time |
Gitlab gitlab
Gitlab |
|
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
02 Aug 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-02 00:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-2164
Mitre link : CVE-2023-2164
CVE.ORG link : CVE-2023-2164
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')