CVE-2024-8186
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Mar 3, 2025
Updated: Mar 6, 2025
CWE ID 79
Summary
CVE-2024-8186 is a newly disclosed vulnerability impacting GitLab CE/EE versions prior to 17.7.6, 17.8.4, and 17.9.1. This issue allows an attacker to inject malicious HTML code into the child item search feature. In certain circumstances, this could result in Cross-Site Scripting (XSS) attacks, potentially compromising user sessions and data. Users are urged to upgrade to the patched versions as soon as possible to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- GitLab
Affected Vendors
- GitLab Inc.