Lucene search

Ubuntu.comUB:CVE-2023-1836

HistoryMay 03, 2023 - 12:00 a.m.

CVE-2023-1836

2023-05-0300:00:00

ubuntu.com

cve-2023-1836

cross-site scripting

gitlab

xml

render

html

vulnerability

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

58.5%

JSON

A cross-site scripting issue has been discovered in GitLab affecting all
versions starting from 5.1 before 15.9.6, all versions starting from 15.10
before 15.10.5, all versions starting from 15.11 before 15.11.1. When
viewing an XML file in a repository in “raw” mode, it can be made to render
as HTML if viewed under specific circumstances

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchgitlab< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	gitlab	< any	UNKNOWN

References

gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1836.json

gitlab.com/gitlab-org/gitlab/-/issues/404613

hackerone.com/reports/1923293

launchpad.net/bugs/cve/CVE-2023-1836

nvd.nist.gov/vuln/detail/CVE-2023-1836

security-tracker.debian.org/tracker/CVE-2023-1836

www.cve.org/CVERecord?id=CVE-2023-1836