Improper Neutralization of Special Elements in Output Used by a Downstream Component in Gitlab Community Edition - CVE-2019-15724
Published: September 16, 2019 / Updated: July 17, 2020
Vulnerability identifier: #VU30755
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-15724
CWE-ID: CWE-74
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: GitLab, Inc
Affected software:
Gitlab Community Edition
Gitlab Community Edition
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection.
How to mitigate CVE-2019-15724
Install update from vendor's website.