First published: Wed Apr 05 2023(Updated: )
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=12.8.0<15.8.5 | |
GitLab GitLab | >=12.8.0<15.8.5 | |
GitLab GitLab | >=15.9.0<15.9.4 | |
GitLab GitLab | >=15.9.0<15.9.4 | |
GitLab GitLab | =15.10.0 | |
GitLab GitLab | =15.10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.