An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/408281 | Broken Link Vendor Advisory |
https://hackerone.com/reports/1935628 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitLab
Published: 2023-07-13T02:02:34.411Z
Updated: 2023-07-13T02:02:34.411Z
Reserved: 2023-04-20T21:24:10.913Z
Link: CVE-2023-2200
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-13T03:15:09.240
Modified: 2023-07-20T20:36:43.987
Link: CVE-2023-2200
JSON object: View
Redhat Information
No data.