Vulnerability Details CVE-2024-8180
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.1%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2024-8180
-
cpe:2.3:a:gitlab:gitlab:17.3.0
-
cpe:2.3:a:gitlab:gitlab:17.3.1
-
cpe:2.3:a:gitlab:gitlab:17.3.2
-
cpe:2.3:a:gitlab:gitlab:17.3.3
-
cpe:2.3:a:gitlab:gitlab:17.3.4
-
cpe:2.3:a:gitlab:gitlab:17.3.5
-
cpe:2.3:a:gitlab:gitlab:17.3.6
-
cpe:2.3:a:gitlab:gitlab:17.4.0
-
cpe:2.3:a:gitlab:gitlab:17.4.1
-
cpe:2.3:a:gitlab:gitlab:17.4.2
-
cpe:2.3:a:gitlab:gitlab:17.4.3
-
cpe:2.3:a:gitlab:gitlab:17.5.0
-
cpe:2.3:a:gitlab:gitlab:17.5.1