Main Vulnerability Database Vulnerabilities #VU31293

Cross-site scripting in Gitlab Community Edition - CVE-2018-10379

Published: May 31, 2018 / Updated: July 17, 2020

Vulnerability identifier: #VU31293

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-10379

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GitLab, Inc

Affected software:
Gitlab Community Edition

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.

How to mitigate CVE-2018-10379

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/104491
https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released/

Cross-site scripting in Gitlab Community Edition - CVE-2018-10379

Detailed vulnerability description

How to mitigate CVE-2018-10379

Sources

Please verify you're human