FreeBSD DAD6294C-F7C1-11EE-BB77-001B217B3468
Apr 10, 2024 - 12:00 a.m.

Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6

2024-04-10 00:00:00
vuxml.freebsd.org
gitlab
patch release
stored xss
redos
unix
diff viewer
autocomplete
integrations
chat messages
junit test report

CVSS3: 8.7 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

AI Score: 6 Medium
Confidence: High

EPSS: 0.0004 Low
Percentile: 9.0%

Gitlab reports:

Stored XSS injected in diff viewer
Stored XSS via autocomplete results
Redos on Integrations Chat Messages
Redos During Parse Junit Test Report

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | gitlab-ce | = 16.10.0 | UNKNOWN |
| FreeBSD | any | noarch | gitlab-ce | < 16.10.2 | UNKNOWN |
