CVE-2024-7047

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jul 25, 2024

CWE ID 79

Summary

CVE-2024-7047 is a newly disclosed cross-site scripting (XSS) vulnerability that impacts GitLab CE/EE versions 16.6 through 17.2.1. The flaw, affecting all versions prior to 17.0.5, 17.1.3, and 17.2.1, allows attackers to inject malicious scripts which are then executed under the privileges of the current logged-in user. This vulnerability poses a significant security risk, potentially enabling unauthorized access or data manipulation. Users are strongly urged to upgrade to the latest version of GitLab to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GitLab

Affected Vendors

GitLab Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xMoiP-
https://www.cve.org/CVERecord?id=CVE-2024-7047
https://nvd.nist.gov/vuln/detail/CVE-2024-7047

Back to Vulnerability Database