CVE-2017-0917

Summary

Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab Community and Enterprise Editions9.1.0 - 10.1.5 Fixed in 10.1.6affected
GitLabGitLab Community and Enterprise Editions10.2.0 - 10.2.5 Fixed in 10.2.6affected
GitLabGitLab Community and Enterprise Editions10.3.0 - 10.3.3 Fixed in 10.3.4affected

Weaknesses

  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

ADP Enrichment

CVE Program Container

Additional References

References