CVE-2018-10379
Published: 2018-05-31
Priority: P4 · 24 · medium · CVSS 3.0 score 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.89% (54.9th percentile)
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 10.6.5+dfsg-1 (sid) | gitlab 10.6.5+dfsg-1 (sid) |
| gitlab | gitlab | < 10.5.8 | 10.5.8 |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 10.6.0 < 10.6.5 | 10.6.5 |
| gitlab | gitlab | >= 10.7.0 < 10.7.2 | 10.7.2 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_debian | — | 6.1 | MEDIUM | — |
GitLab
vendor_gitlab · 2018-05-31 · CVSS 6.1
CVE-2018-10379 [MEDIUM] CWE-79
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.
Debian
vendor_debian · 2018 · CVSS 6.1
CVE-2018-10379 [MEDIUM] gitlab
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.
Scope: local
sid: resolved (fixed in 10.6.5+dfsg-1)
GHSA
ghsa_unreviewed · 2022-05-14
GHSA-v6wj-hx5h-fhwp (CVE-2018-10379) [MEDIUM] CWE-79
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.
No detection rules found.
No public exploits indexed.
HackerOne
hackerone · 2018-07-16 · CVSS 6.1
CVE-2018-10379 [MEDIUM] Persistent XSS - Selecting users as allowed merge request approvers
**Summary:**
When using the dropdown that selects the users that are allowed to approve a merge request, it is possible to trigger an XSS with a malicious user name string.
**Description:**
This vulnerability is similar to the recently announced CVE-2018-10379 (and another vulnerability I recently reported here in hackerone).
The steps to reproduce are fairly simple but there are some restrictions:
* Only members of a project with Master access are able to become victims of the XSS
* Only groups/members with a subscription level of Starter or higher are able to perform the XSS. This is a premium feature only allowed at Starter or higher. (https://gitlab.com/help/user/project/merge_requests/merge_request_approvals)
HackerOne
hackerone · 2018-07-16 · CVSS 6.1
CVE-2018-10379 [MEDIUM] XSS (Persistent) - Selecting role(s) for protected branches
**Summary:**
When using the dropdown that selects the groups or users that are allowed to push or merge to a protected branch within a project, it is possible to trigger an XSS with a malicious user name string.
**Description:**
This vulnerability is similar to the recently announced CVE-2018-10379. The username input string where an attacker is able to inject a payload is in the same location, but the XSS that renders is in a different location. Since the remediation needs to be applied at the presentation layer, this is indeed a separate vulnerability and needs to be fixed separately (although Gitlab could start whitelisting characters allowed in usernames, similar to how Gitlab whitelists characters for Group or Project names)
Published: 2018-05-31