Improper neutralization of user input in GitLab CE/EE versions 14.4 prior to 14.7.7, all versions starting from 14.8 prior to 14.8.5, all versions starting from 14.9 prior to 14.9.2 allowed an malicious user to exploit XSS by injecting HTML in notes.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlab gitlab |
Get our weekly newsletter Fixed passphrases for OmniAuth users not such a great idea
GitLab on Thursday issued security updates for three versions of GitLab Community Edition (CE) and Enterprise Edition (EE) software that address, among other flaws, a critical hard-coded password bug. The cloud-hosted software version control service released versions 14.9.2, 14.8.5, and 14.7.7 of its self-hosted CE and EE software, fixing one "critical" security vulnerability (CVE-2022-1162), as well as two rated "high," nine rated "medium," and four rated "low." "A hard-coded password was set ...