Intrusion PreventionGitLab.CE.EE.Kroki.Diagram.XSS
Description
This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in GitLab GitLab Community Edition (CE) and Enterprise Edition (EE).
The vulnerability is due to improper validation of user input of kroki diagrams. A remote, authenticated attacker could exploit these vulnerabilities by sending crafted requests to the target server. Successful exploitation could result in arbitrary script execution under the security context of the target user's browser.
Affected Products
GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) 15.7.x prior to 15.7.8
GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) 15.8.x prior to 15.8.4
GitLab GitLab Community Edition (CE) and Enterprise Edition (EE) 15.9.x prior to 15.9.2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://about.gitlab.com/releases/2023/03/02/security-release-gitlab-15-9-2-released/
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-06-10 | 28.803 | Name:GitLab. Community. and. Enterprise. Edition. Kroki. Diagram. XSS:GitLab. CE. EE. Kroki. Diagram. XSS |
| 2023-05-02 | 23.544 | Default_action:pass:drop |
| 2023-04-19 | 23.537 |
| ID | 52820 |
| Created | Apr 10, 2023 |
| Updated | Jun 06, 2024 |
| Risk |
|
| CVE ID | CVE-2023-0050 |
| Exploit Prediction Score | 0.08% |
| Default Action | drop |
| Active | |
| Affected OS | Linux |
| Affected App | Other |