Lucene search
HistoryJul 13, 2023 - 3:15 a.m.
CVE-2023-2200
gitlab
ce
ee
html injection
vulnerability
version 7.14
16.1.1
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
21.4%
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.
Affected configurations
Node
gitlabgitlabRange7.14.0–15.11.10community
ORgitlabgitlabRange7.14.0–15.11.10enterprise
ORgitlabgitlabRange16.0.0–16.0.6community
ORgitlabgitlabRange16.0.0–16.0.6enterprise
ORgitlabgitlabRange16.1.0–16.1.1community
ORgitlabgitlabRange16.1.0–16.1.1enterprise
Related
veracode
veracode
Cross-Site Scripting (XSS)
2023-08-07 01:22:45
prion
prion
Design/Logic Flaw
2023-07-13 03:15:00
debiancve
debiancve
CVE-2023-2200
2023-07-13 03:15:09
cvelist
cvelist
osv
osv
BIT-gitlab-2023-2200
2024-03-06 11:08:36
CVE-2023-2200
2023-07-13 03:15:09
nessus
nessus
GitLab 7.14 < 15.11.10 / 16.0 < 16.0.6 / 16.1 < 16.1.1 (CVE-2023-2200)
2023-06-29 00:00:00
FreeBSD : Gitlab -- Vulnerabilities (3117e6cd-1772-11ee-9cd6-001b217b3468)
2023-06-30 00:00:00
cve
cve
CVE-2023-2200
2023-07-13 03:15:09
ubuntucve
ubuntucve
CVE-2023-2200
2023-07-13 00:00:00
freebsd
freebsd
Gitlab -- Vulnerabilities
2023-06-29 00:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
21.4%
Related for NVD:CVE-2023-2200