CVE-2024-10383

CVSS 3.1 Score 8.7 of 10 (high)

Details

Published Feb 7, 2025

CWE ID 79

Summary

CVE-2024-10383 is a newly discovered vulnerability affecting the gitlab-web-ide-vscode-fork component distributed over CDN, which is used by all versions of GitLab CE/EE starting from 15.11 up to and including 17.6. This issue, present in all versions prior to 1.89.1-1.0.0-dev-20241118094343, allows an attacker to execute a Cross-Site Scripting (XSS) attack when loading .ipynb files in the web IDE. This vulnerability temporarily affected versions 17.4, 17.5, and 17.6 as well, making it a significant security concern for GitLab users.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/z2GLJa
https://www.cve.org/CVERecord?id=CVE-2024-10383
https://nvd.nist.gov/vuln/detail/CVE-2024-10383

Back to Vulnerability Database

CVE-2024-10383

CVSS 3.1 Score 8.7 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations