BIT-gitlab-2020-26407

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/gitlab/BIT-gitlab-2020-26407.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-gitlab-2020-26407
Aliases
Published
2024-03-06T11:21:19.612Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project

References

Affected packages

Bitnami / gitlab

Package

Name
gitlab
Purl
pkg:bitnami/gitlab

Severity

  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
12.4.0
Fixed
13.4.7
Introduced
13.5.0
Fixed
13.5.5
Introduced
13.6.0
Fixed
13.6.2