Rewterz

Multiple GitLab Community Edition and Enterprise Edition Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-2279 CVSS:8.7

GitLab Community Edition and Enterprise Edition are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using the autocomplete results to inject malicious script into a web page, which would be executed in a victim's web browser within the security context of the hosting web site once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2023-6489 CVSS:4.3

GitLab Community Edition and Enterprise Edition are vulnerable to a denial of service, caused by a flaw in the chat integration feature. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause service degradation.

CVE-2023-6678 CVSS:4.3

GitLab Community Edition and Enterprise Edition are vulnerable to a denial of service. By using maliciously crafted content in a JUnit test report file, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-3092 CVSS:8.7

GitLab Community Edition and Enterprise Edition are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using the diff viewer to inject malicious script into a web page, which would be executed in a victim's web browser within the security context of the hosting web site once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
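Both cross-site scripting entries above (CVE-2024-2279 via autocomplete results and CVE-2024-3092 via the diff viewer) share the same root cause: user-supplied text reaching an HTML context without being validated or encoded for that context. The following is an added illustration of that defect class and its generic mitigation; it is not GitLab's code, does not reflect how GitLab actually fixed either issue, and uses constructed function names and sample data.

```javascript
// Added example (not GitLab code): rendering untrusted user fields into markup.
// The vulnerable form concatenates raw input; the hardened form encodes every
// untrusted field for the HTML text context. Names and sample data are constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change meaning inside HTML text or attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: display names are placed straight into the markup string,
// so any markup a user put into their profile is interpreted by the browser.
function renderSuggestionsUnsafe(users) {
  return users.map((u) => `<li>${u.name} (@${u.username})</li>`).join('');
}

// Hardened pattern: every user-controlled field is escaped before interpolation,
// so markup in the input is shown as literal text rather than parsed as HTML.
function renderSuggestionsSafe(users) {
  return users
    .map((u) => `<li>${escapeHtml(u.name)} (@${escapeHtml(u.username)})</li>`)
    .join('');
}

// Constructed sample: the second display name carries markup, the kind of
// input a reviewer would use to check that output encoding is in place.
const SAMPLE_USERS = [
  { name: 'Alice', username: 'alice' },
  { name: '<b>Bob</b>', username: 'bob' },
];

// Review check: does a raw tag from the input survive into the rendered markup?
function containsRawTag(html, tag) {
  return html.includes(`<${tag}>`);
}
```

Running the check against both renderers shows the raw `<b>` tag surviving in the unsafe output and appearing as `&lt;b&gt;` in the hardened one. The same principle applies to the diff viewer case: file names and diff content are user-controlled and must be encoded for the context (HTML text, attribute, or URL) into which they are rendered.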

Impact

  • Cross-Site Scripting
  • Denial of Service

Indicators of Compromise

CVE

  • CVE-2024-2279
  • CVE-2023-6489
  • CVE-2023-6678
  • CVE-2024-3092

Affected Vendors

GitLab

Affected Products

  • GitLab Enterprise Edition 16.10.1
  • GitLab Enterprise Edition 16.9.3
  • GitLab Enterprise Edition 16.8.5
  • GitLab Community Edition 16.8.5
  • GitLab Community Edition 16.9.3
  • GitLab Community Edition 16.10.1

Remediation

Refer to the GitLab website for patch, upgrade, or suggested workaround information.

GitLab Website