Threat Encyclopedia

GitLab.Community.and.Enterprise.Edition.Branch.Name.Stored.XSS

description-logoDescription

This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE).
The vulnerability is due to improper input validation of the default branch name. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation could result in the execution of script code in the security context of a target users browser.

affected-products-logoAffected Products

GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 14.0.7
GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 14.1.2

Impact

System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/

CVE References

CVE-2021-22241