CVE-2019-19311: Cross-site Scripting in GitLab

Severity: 5.4 MEDIUM (NVD)
EPSS: 0.2% (top 58.86%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 3 | Latest update May 24

Description

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages (4 packages)

NVD | gitlab/gitlab | 8.14.0 | 12.3.7 | +2
debian | debian/gitlab
gitlab | gitlab/gitlab

🔴 Vulnerability Details (1)

GHSA | GHSA-vx7c-2qqj-4773: GitLab EE 8 | 2022-05-24

📋 Vendor Advisories (2)

GitLab | CVE-2019-19311: GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. | 2020-01-03
Debian | CVE-2019-19311: gitlab - GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile ... | 2019