| CVE | CVE-2023-0050 |
| CVE Title | |
| Published Date | 2023-03-09T22:15Z |
| Modified Date | 2023-03-15T15:46Z |
| CWE Type | CWE-79 |
| CVSS 3.x | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| Description | An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims. |
| References | |
| By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites. | |
| Reference URL | https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0050.json |
| Reference Description | CONFIRM https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0050.json |
| Reference URL | https://hackerone.com/reports/1731349 |
| Reference Description | MISC https://hackerone.com/reports/1731349 |
| Reference URL | https://gitlab.com/gitlab-org/gitlab/-/issues/387023 |
| Reference Description | MISC https://gitlab.com/gitlab-org/gitlab/-/issues/387023 |
| Tags | Vendor Advisory |
| Sources | NIST MITRE |
