CVE-2024-7047

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-7047

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7047.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-7047

Aliases

BIT-gitlab-2024-7047

Published

2024-07-25T01:15:09Z

Modified

2024-08-26T20:21:55Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/455318

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

94991886af3e3820aa09fa353b29cf8557c93168

Fixed

9c031204479bc7a5d833157334767231e928d553