CVE-2024-6530

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

Description

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to render as HTML under specific circumstances.

INFO

Published Date :

2024-10-10T12:02:10.807Z

Last Modified :

2024-10-10T13:32:29.455Z

Source :

GitLab

AFFECTED PRODUCTS

The following products are affected by CVE-2024-6530 vulnerability.

Vendors	Products
Gitlab	Gitlab

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-6530.

URL	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/471049
https://hackerone.com/reports/2567533

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact