CVE-2024-8180

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 14, 2024

Updated: Nov 15, 2024

CWE ID 79

Summary

CVE-2024-8180 is a cybersecurity vulnerability affecting GitLab CE/EE versions 17.3 to 17.3.7, 17.4 to 17.4.4, and 17.5 to 17.5.2. This issue involves improper output encoding which, when combined with a lack of Content Security Policy (CSP) enabled, could potentially result in a Cross-Site Scripting (XSS) attack. By exploiting this vulnerability, an attacker could inject malicious scripts into a user's browser, gaining unauthorized access or stealing sensitive information. Organizations using these affected versions of GitLab are advised to apply the relevant patches as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

GitLab

Affected Vendors

GitLab Inc.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Know What Matters

For Customers

For Partners