HTTP: GitLab Community and Enterprise Edition deprecated_notes.js Stored Cross-Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability against GitLab Community and Enterprise Edition. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to render as HTML under specific circumstances.
Affected Products
Gitlab gitlab
Short Name
HTTP:XSS:GITLAB-CEEE-JS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2024-4901 CVE-2024-6530 Community Cross-Site Edition Enterprise GitLab Scripting Stored and deprecated_notes.js
Release Date
10/03/2024
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3758
False Positive
Unknown
Vendors
Gitlab