CVE-2024-3092
published 2024-04-12CVE-2024-3092: An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A…
PriorityP428medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.51%
39.8th percentile
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 17.3.5-2 (sid) | gitlab 17.3.5-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 16.10 < 16.10.2 | 16.10.2 |
| gitlab | gitlab | >= 16.10.0 < 16.10.2 | 16.10.2 |
| gitlab | gitlab | >= 16.9 < 16.9.4 | 16.9.4 |
| gitlab | gitlab | >= 16.9.0 < 16.9.4 | 16.9.4 |
| gitlab | gitlab_ce | — | — |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv5.4MEDIUM
vendor_debian8.7HIGH
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kernel: igb: Fix string truncation warnings in igb_set_fw_version
vendor_redhat·2024-05-22·CVSS 5.5
CVE-2024-36010 [MEDIUM] CWE-476 kernel: igb: Fix string truncation warnings in igb_set_fw_version
kernel: igb: Fix string truncation warnings in igb_set_fw_version
In the Linux kernel, the following vulnerability has been resolved:
igb: Fix string truncation warnings in igb_set_fw_version
Commit 1978d3ead82c ("intel: fix string truncation warnings")
fixes '-Wformat-truncation=' warnings in igb_main.c by using kasprintf.
drivers/net/ethernet/intel/igb/igb_main.c:3092:53: warning:‘%d’ directive output may be truncated writing between 1 and 5 bytes into a region of size between 1 and 13 [-Wformat-truncation=]
3092 | "%d.%d, 0x%08x, %d.%d.%d",
| ^~
drivers/net/ethernet/intel/igb/igb_main.c:3092:34: note:directive argument in the range [0, 65535]
3092 | "%d.%d, 0x%08x, %d.%d.%d",
| ^~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/ethernet/intel/igb/igb_main.c:3092:34: note:directive argument in the r
GitLab
CVE-2024-3092: An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2.
vendor_gitlab·2024-04-12·CVSS 8.7
CVE-2024-3092 [HIGH] CWE-79 CVE-2024-3092: An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2.
CVE-2024-3092: An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.
Debian
CVE-2024-3092: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...
vendor_debian·2024·CVSS 8.7
CVE-2024-3092 [HIGH] CVE-2024-3092: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.
Scope: local
sid: resolved (fixed in 17.3.5-2)
GHSA
GHSA-qvg5-w5f4-rcwh: An issue has been discovered in GitLab CE/EE affecting all versions starting from 16
ghsa_unreviewed·2024-04-12
CVE-2024-3092 [HIGH] CWE-79 GHSA-qvg5-w5f4-rcwh: An issue has been discovered in GitLab CE/EE affecting all versions starting from 16
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.
OSV
CVE-2024-3092: An issue has been discovered in GitLab CE/EE affecting all versions starting from 16
osv·2024-04-12·CVSS 5.4
CVE-2024-3092 [MEDIUM] CVE-2024-3092: An issue has been discovered in GitLab CE/EE affecting all versions starting from 16
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-04-12
Published