Описание
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues
Ссылки
- PatchThird Party Advisory
- Broken Link
- Permissions Required
- PatchThird Party Advisory
- Broken Link
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
7.7 High
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues
A Stored Cross-Site Scripting vulnerability in Jira integration in Git ...
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab Enterprise Edition, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код JavaScript
EPSS
7.7 High
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2