CVE-2024-10383

moderate-risk

Published 2025-02-07

An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE

Do I need to act?

0.38% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.7/10 High

NETWORK / LOW complexity

Affected Products (8)

Gitlab

Affected Vendors

Gitlab

References (3)

Broken Link https://gitlab.com/gitlab-org/gitlab/-/issues/500785

Permissions Required https://hackerone.com/reports/2765778

Broken Link https://gitlab.com/gitlab-org/gitlab/-/issues/500785

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 1/34 · Minimal

Exposure 14/34 · Moderate