CVE-2023-6033 — Cross-site Scripting in Gitlab

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

1.2%

top 20.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedDec 1

Description

Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows attacker to execute javascript in victim's browser.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

▶CVEListV5gitlab/gitlab15.10 — 16.4.3+2

▶NVDgitlab/gitlab15.10 — 16.6.1+2

▶debiandebian/gitlab< gitlab 16.4.4+ds2-2 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

CVE-2023-6033: Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15↗2023-12-01

▶

GHSA

GHSA-3xf7-rc79-2xq6: Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15↗2023-12-01

▶

📋Vendor Advisories

GitLab

CVE-2023-6033: Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 1↗2023-12-01

▶

Debian

CVE-2023-6033: gitlab - Improper neutralization of input in Jira integration configuration in GitLab CE/...↗2023

▶