CVE-2024-4835

moderate-risk
Published 2024-05-23

A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.

Do I need to act?

~
7.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.0/10 High
NETWORK / HIGH complexity

Affected Products (4)

Affected Vendors

Gitlab

References (4)

Exploit https://gitlab.com/gitlab-org/gitlab/-/issues/461328
Permissions Required https://hackerone.com/reports/2497024
Exploit https://gitlab.com/gitlab-org/gitlab/-/issues/461328
Permissions Required https://hackerone.com/reports/2497024
44
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 10/34 · Low
Exposure 10/34 · Low