Main Vulnerability Database SB2018032111

SB2018032111 - Cross-site scripting in GitLab, Gitlab Community Edition

Published: March 21, 2018 Updated: August 8, 2020

Security Bulletin ID SB2018032111

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Cross-site scripting (CVE-ID: CVE-2017-0923)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.

Remediation

Install update from vendor's website.

References

https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
https://hackerone.com/reports/293740