CVE-2024-8180

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-8180

Severity

5.4

Medium

CVSS V3

Summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled.

References

https://images.chainguard.dev/security/CGA-cv76-hrqp-mjqq
https://github.com/advisories/GHSA-p932-x66g-q6cc
https://images.chainguard.dev/security/CGA-8j96-rvv7-hp7j
https://images.chainguard.dev/security/CGA-wg24-cvjc-3r7v
https://images.chainguard.dev/security/CGA-q869-hpcm-cr6m
https://images.chainguard.dev/security/CGA-f96p-6vrx-76f6
https://images.chainguard.dev/security/CGA-j259-cxmj-xpr8
https://images.chainguard.dev/security/CGA-vcqh-fjhv-qqmj
https://images.chainguard.dev/security/CGA-7c79-vc4x-c43c
https://images.chainguard.dev/security/git%3A%2F%2Fgit%40gitlab.com%3Agitlab-org%2Fgitlab.git
https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#html-injection-in-vulnerability-code-flow-could-lead-to-xss-on-self-hosted-instances
https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/8xxx/CVE-2024-8180.json
https://gitlab.com/gitlab-org/gitlab/-/issues/480720
https://hackerone.com/reports/2654010
https://nvd.nist.gov/vuln/detail/CVE-2024-8180

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2024-8180

Severity

Summary

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company