CVE-2024-4207
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Aug 8, 2024
Updated: Sep 18, 2024
CWE ID 401
Summary
CVE-2024-4207 is a newly disclosed cross-site scripting (XSS) vulnerability in GitLab affecting versions 5.1 to 17.2.2. The issue arises when an XML file is viewed in raw mode: under specific circumstances, the file can be manipulated so that it renders as HTML, potentially allowing attackers to inject malicious scripts and steal sensitive information from unsuspecting users. GitLab urges all users to upgrade to the latest patched versions as soon as possible to mitigate this risk.