CVE-2024-7047
HIGH
GitLab < 17.0.5 - XSS
Title source: ruleDescription
A cross-site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1, allowing an attacker to execute arbitrary scripts in the context of the currently logged-in user.
Scores
CVSS v3: 7.7
EPSS: 0.0010
EPSS Percentile: 28.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Classification
CWE: CWE-79
Status: published
Affected Products (4)
gitlab/gitlab < 17.0.5
gitlab/gitlab < 17.0.5
gitlab/gitlab
gitlab/gitlab
Timeline
Published: Jul 25, 2024
Tracked Since: Feb 18, 2026