GitLab allows adding any type of note to commit messages. Therefore, this XSS issue can be exploited to inject any HTML code into commit messages. This issue was fixed in versions starting from 14.8.5. Vendors/OSS users are encouraged to upgrade to the most recent versions. All versions starting from 14.9 before 14.9.2, all versions starting from 16.0 before 16.0.1, all versions starting from 16.1 before 16.1.0, all versions starting from 16.2 before 16.2.0, all versions starting from 16.3 before 16.3.0, all versions starting from 16.4 before 16.4.1, all versions starting from 16.5 before 16.5.0, all versions starting from 16.6 before 16.6.0, all versions starting from 16.7 before 16.7.0, all versions starting from 16.8 before 16.8.1, all versions starting from 16.9 before 16.9.2, all versions starting from 17.0 before 17.0.0, all versions starting from 17.1 before 17.1.0, all versions starting from 17.2 before 17.2.0, all versions starting from 17.3 before 17.3.0, all versions starting from 17.4 before 17.4.0, all versions starting from 17.5 before 17.5.0, all versions starting

GitLab/CVE-2018-10024

Timeline

Published on: 04/04/2022 20:15:00 UTC
Last modified on: 05/10/2022 16:00:00 UTC

References