A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 before 15.3.5, 15.4 before 15.4.4, and 15.5 before 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed malicious users to perform arbitrary actions on behalf of victims.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlab gitlab 15.6.0 |
||
gitlab gitlab |