virus logo Intrusion Prevention

GitLab.Community.and.Enterprise.Edition.Mermaid.Markdown.XSS

description-logoDescription

This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE).
The vulnerability is due to improper input validation of Mermaid Markdown. A remote, authenticated attacker can exploit this vulnerability by sending specially-crafted markdown to the target system. Successful exploitation could result in the execution of script code in the security context of the browser of any user visiting the affected pages.

affected-products-logoAffected Products

GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 13.12.9
GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 14.0.7
GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 14.1.2

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-10-14 18.179 Default_action:pass:drop
2021-10-06 18.171
ID 50797
Created Sep 28, 2021
Updated May 25, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2021-22242
Exploit Prediction Score 0.1%
Default Action drop
Active
Affected OS Linux, BSD
Affected App Other