Overview
GitLab has released an update to address a vulnerability in their products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-7047
- GitLab CE/EE versions: 16.6 (inclusive) ~ 17.0.5 (exclusive)
- GitLab CE/EE versions: 17.1 (inclusive) ~ 17.1.3 (exclusive)
- GitLab CE/EE versions: 17.2 (inclusive) ~ 17.2.1 (exclusive)
Resolved Vulnerabilities
An XSS vulnerability that could allow an attacker to execute arbitrary script in the context of the currently logged-in user (CVE-2024-7047)
Vulnerability Patches
Patches for the vulnerability have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-7047
- GitLab CE/EE version: 17.0.5
- GitLab CE/EE version: 17.1.3
- GitLab CE/EE version: 17.2.1
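As an added example (not part of the original advisory and not GitLab tooling), the Python below checks a GitLab version string against the affected ranges listed above and reports the fixed release for that range. The function names and the sample version strings are constructed for illustration; the ranges are transcribed from this advisory.

```python
import re

# Half-open ranges [first_affected, first_fixed) transcribed from the advisory.
AFFECTED_RANGES = [
    ((16, 6, 0), (17, 0, 5)),
    ((17, 1, 0), (17, 1, 3)),
    ((17, 2, 0), (17, 2, 1)),
]

# Accepts an optional leading "v" and ignores a trailing suffix such as "-ee".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?$")


def parse_version(text):
    """Parse '17.1.2', 'v17.1.2-ee' or '16.11' into (major, minor, patch)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    # A missing patch component is treated as 0.
    return tuple(int(part or 0) for part in m.groups())


def triage(version_text):
    """Return (affected, fixed_version_or_None) for CVE-2024-7047."""
    version = parse_version(version_text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        # Tuple comparison gives numeric ordering, so 16.11 > 16.6.
        if first_affected <= version < first_fixed:
            return True, ".".join(map(str, first_fixed))
    return False, None


if __name__ == "__main__":
    # Constructed inventory of version strings, not from any real instance.
    samples = ["16.5.8", "16.6.0", "16.11.4-ee", "17.0.4", "17.0.5",
               "17.1.2-ee", "17.1.3", "v17.2.0", "17.2.1", "17.3.0"]
    for v in samples:
        affected, fixed = triage(v)
        if affected:
            status = "AFFECTED, update to " + fixed
        else:
            status = "not in an affected range"
        print(f"{v:12} {status}")
```

Comparing parsed tuples rather than raw strings matters here: a string comparison would sort 16.11 before 16.6 and misclassify it as unaffected.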
Referenced Sites
[1] CVE-2024-7047 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-7047
[2] CVE-2024-7047.json
https://gitlab.com/gitlab-org/cves/-/blob/master/2024/CVE-2024-7047.json
Article Link: GitLab Product Security Update Advisory (CVE-2024-7047) – ASEC