Gitlab: XSS Attacks in Specific Versions
by the Hossted team
14.11.2024

GitLab CE/EE versions 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2 are affected by CVE-2024-8180, a medium-severity cross-site scripting (XSS) vulnerability. The root cause is improper output encoding: user-controlled text reaches the rendered page without being HTML-escaped, so an attacker can inject markup and script. The attack succeeds when Content Security Policy (CSP) is not enabled on the instance; an enforced CSP that does not allow inline script blocks the injected payload, but it is a mitigation, not a fix. The affected ranges imply that 17.3.7, 17.4.4 and 17.5.2 are the patched releases, so upgrade to one of them and, independently of the upgrade, keep CSP enabled. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8180.
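As an added illustration (not code from GitLab or from the Hossted post), the Ruby snippet below shows the defect class the advisory describes, improper output encoding of untrusted text, beside the correct encoding, and a small check of whether a response's Content-Security-Policy header would actually block the injected inline script. The payload, the header values and the function names are constructed for this example and do not correspond to any GitLab code path.

```ruby
require 'cgi'

# Constructed sample of attacker-controlled text (e.g. a profile field or title).
PAYLOAD = %q{<img src=x onerror="alert(document.cookie)">}

# Improper output encoding: the untrusted value is interpolated into HTML as-is,
# so the browser parses the injected <img> tag and runs its onerror handler.
def render_unsafe(name)
  "<p>Hello, #{name}</p>"
end

# Correct output encoding: HTML-escape untrusted text before it enters markup.
# CGI.escapeHTML turns < > & " ' into entities, so the payload is shown, not parsed.
def render_safe(name)
  "<p>Hello, #{CGI.escapeHTML(name)}</p>"
end

# Returns true when the response's CSP would block an inline script or inline
# event handler such as the one in PAYLOAD.  `headers` is a Hash of lowercase
# header name => value.  Only script-src with default-src as fallback is modelled;
# script-src-attr / script-src-elem refinements are not.
def csp_blocks_inline_script?(headers)
  csp = headers['content-security-policy']
  return false if csp.nil? || csp.strip.empty?      # no CSP at all: XSS lands

  directives = csp.split(';').map(&:strip).reject(&:empty?)
  script = directives.find { |d| d == 'script-src' || d.start_with?('script-src ') } ||
           directives.find { |d| d == 'default-src' || d.start_with?('default-src ') }
  return false if script.nil?                        # neither directive: nothing restricts script

  sources = script.split(/\s+/).drop(1)
  # An empty source list or 'none' allows no script at all.
  return true if sources.empty? || sources.include?("'none'")

  # When a nonce- or hash-source is present, browsers ignore 'unsafe-inline'
  # (CSP Level 2 and later), so inline script is still blocked.
  has_nonce_or_hash = sources.any? { |s| s.match?(/\A'(nonce-|sha(256|384|512)-)/) }
  !sources.include?("'unsafe-inline'") || has_nonce_or_hash
end

# Constructed sample responses, as they might be seen with `curl -sI https://gitlab.example/`.
NO_CSP          = {}
WEAK_CSP        = { 'content-security-policy' => "default-src 'self'; script-src 'self' 'unsafe-inline'" }
NONCE_CSP       = { 'content-security-policy' => "default-src 'self'; script-src 'self' 'nonce-abc123' 'unsafe-inline'" }
DEFAULT_ONLY    = { 'content-security-policy' => "default-src 'self'" }

if __FILE__ == $0
  puts "unsafe: #{render_unsafe(PAYLOAD)}"
  puts "safe:   #{render_safe(PAYLOAD)}"
  { no_csp: NO_CSP, weak: WEAK_CSP, nonce: NONCE_CSP, default_only: DEFAULT_ONLY }.each do |label, h|
    puts "#{label}: inline script blocked? #{csp_blocks_inline_script?(h)}"
  end
end
```

On a live instance, fetch the response headers of an authenticated page and feed them to `csp_blocks_inline_script?`; a missing header or one that lists `'unsafe-inline'` without a nonce or hash means the mitigation the advisory relies on is not in place. On Omnibus installs the header is governed by the `gitlab_rails['content_security_policy']` settings in `gitlab.rb`.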