7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
45.6%
A cross-site scripting issue has been discovered in GitLab CE/EE affecting
all versions starting from 15.2 before 15.2.5, all versions starting from
15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 It was
possible to exploit a vulnerability in the external status checks feature
which could lead to a stored XSS that allowed attackers to perform
arbitrary actions on behalf of victims at client side.