GitLab Product Security Update Advisory (CVE-2024-7047)

Overview

 

GitLab has released an update to address a vulnerability in their products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-7047

  • GitLab CE/EE versions: 16.6 (inclusive) ~ 17.0.5 (exclusive)
  • GitLab CE/EE versions: 17.1 (inclusive) ~ 17.1.3 (exclusive)
  • GitLab CE/EE versions: 17.2 (inclusive) ~ 17.2.1 (exclusive)

 

Resolved Vulnerabilities

 

An XSS vulnerability that could allow an attacker to execute arbitrary script in the context of the currently logged-in user (CVE-2024-7047)

 

Vulnerability Patches

 

Patches for the vulnerability are available in the latest updates. Follow the instructions on the Referenced Sites to update to the latest patched version.

 

 

CVE-2024-7047

  • GitLab CE/EE version: 17.0.5
  • GitLab CE/EE version: 17.1.3
  • GitLab CE/EE version: 17.2.1
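
The following is an added example, not part of the original advisory or GitLab's own tooling: a check of GitLab version strings against the affected ranges and patched versions listed above. It assumes version strings have already been collected from each instance (for example "17.1.2-ee"); the function names and the sample inventory are constructed for illustration.

```python
import re

# Affected ranges from this advisory for CVE-2024-7047:
# (first affected version, first patched version); lower bound inclusive, upper exclusive.
AFFECTED_RANGES = [
    ((16, 6, 0), (17, 0, 5)),
    ((17, 1, 0), (17, 1, 3)),
    ((17, 2, 0), (17, 2, 1)),
]


def parse_version(text):
    """Parse 'MAJOR.MINOR[.PATCH]', ignoring a leading 'v' and suffixes like '-ee'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    # A missing patch component is treated as 0, so "16.6" means 16.6.0.
    return tuple(int(g or 0) for g in m.groups())


def check_version(text):
    """Return (affected, patched_version_or_None) for CVE-2024-7047."""
    v = parse_version(text)
    # Tuples compare numerically, so 17.1.10 correctly sorts after 17.1.3
    # (a plain string comparison would get this wrong).
    for low, fixed in AFFECTED_RANGES:
        if low <= v < fixed:
            return True, ".".join(map(str, fixed))
    return False, None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = {
        "gitlab-a.example": "16.11.10-ee",
        "gitlab-b.example": "17.1.2",
        "gitlab-c.example": "17.1.10-ee",
        "gitlab-d.example": "17.2.1",
    }
    for host, version in inventory.items():
        affected, fixed = check_version(version)
        status = f"AFFECTED, update to {fixed} or later" if affected else "not affected"
        print(f"{host}: {version}: {status}")
```
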

 

Referenced Sites

[1] CVE-2024-7047 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-7047

[2] CVE-2024-7047.json

https://gitlab.com/gitlab-org/cves/-/blob/master/2024/CVE-2024-7047.json

Article Link: GitLab Product Security Update Advisory (CVE-2024-7047) – ASEC