GitLab 16.9 < 16.9.4 / 16.10 < 16.10.2 (CVE-2024-3092)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using th...

BIT-GITLAB-2024-3092 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims...

CVE-2024-3092

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims...

UBUNTU-CVE-2024-3092

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims...

CVE-2024-3092

CVE-2024-3092 affects GitLab CE/EE: stored XSS via the diff viewer in all versions 16.9 before 16.9.4 and 16.10 before 16.10.2. Exploitation could allow an attacker to act on behalf of victims. Remediation: upgrade to GitLab 16.9.4 or 16.10.2 (per advisories referencing the fixed versions).

CVE-2024-3092

Removed by vendor...

CVE-2024-3092 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims...

GitLab 跨站脚本漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A cross-site scripting vulnerability exists in GitLab CE/EE versions 16.9 throu...

CVE-2024-31464 XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it'...

XWiki Platform 安全漏洞

XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating Web collaboration applications. A security vulnerability exists in XWiki Platform that stems from the ability to access a password's hash value whenever the object storing the password is deleted, by using the diff...

PT-2024-24095 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 5.0-rc-1 through 14.10.18 XWiki Platform versions 14.10.19 through 15.5.3 XWiki Platform versions 15.5.4 through 15.9-rc-1 Description: The issue allows access to the hash of a password by using the diff feature of the...

PT-2024-23669 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.9 through 16.9.3 GitLab CE/EE versions 16.10 through 16.10.1 Description: An issue has been discovered in GitLab CE/EE that may lead to a Stored XSS while using the diff viewer. This allows attackers to perform...

Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6

Gitlab reports: Stored XSS injected in diff viewer Stored XSS via autocomplete results Redos on Integrations Chat Messages Redos During Parse Junit Test Report...

Fedora: Security Advisory for sequence-library (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: sequence-library-1.0.3-18.fc40

A textual diff and merge library...

[SECURITY] Fedora 40 Update: java-diff-utils-4.12-7.fc40

Diff Utils library is an OpenSource library for performing the comparison / d iff operations between texts or some kind of data: computing diffs, applying patches, genera ting unified diffs or parsing them, generating diff output for easy future displaying lik e side-by-side view and so on...

GitLab 12.10 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39932)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Usin...

Cookies are sent to external images in rendered diff (and server side request forgery)

Impact The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other domains and include all cookies that...

GHSA-7RFG-6273-F5WP Cookies are sent to external images in rendered diff (and server side request forgery)

Impact The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other domains and include all cookies that...

CVE-2023-48240 XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery

XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other...