Main Vulnerability Database SB2018053113

SB2018053113 - Cross-site scripting in GitLab, Gitlab Community Edition

Published: May 31, 2018 Updated: July 17, 2020

Security Bulletin ID SB2018053113

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Cross-site scripting (CVE-ID: CVE-2018-10379)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.

Remediation

Install update from vendor's website.

References

http://www.securityfocus.com/bid/104491
https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released/