An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/480718 | Broken Link |
| https://hackerone.com/reports/2665929 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
11 Jul 2025, 20:11
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Gitlab gitlab
Gitlab |
|
| References | () https://hackerone.com/reports/2665929 - Permissions Required | |
| References | () https://gitlab.com/gitlab-org/gitlab/-/issues/480718 - Broken Link | |
| CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
12 Dec 2024, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-12-12 12:15
Updated : 2025-07-11 20:11
NVD link : CVE-2024-8179
Mitre link : CVE-2024-8179
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')