CVE-2024-7047

{"id": "CVE-2024-7047", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2024-07-25T01:15:09.830", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/455318", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/455318", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user."}, {"lang": "es", "value": "Existe una vulnerabilidad de Cross Site Scripting en GitLab CE/EE que afecta a todas las versiones desde 16.6 anterior a 17.0.5, 17.1 anterior a 17.1.3, 17.2 anterior a 17.2.1, lo que permite a un atacante ejecutar scripts arbitrarios en el contexto del usuario con sesi\u00f3n iniciada actual."}], "lastModified": "2024-11-21T09:50:47.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "0745E87F-1991-423E-A7C7-2874AEBFD622", "versionEndExcluding": "17.0.5", "versionStartIncluding": "16.6.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "E1F94D0B-5295-43EC-A3D7-283AB66AB6CC", "versionEndExcluding": "17.0.5", "versionStartIncluding": "16.6.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "E68B5BB3-0D86-4D3C-98A2-5717B267C2E3", "versionEndExcluding": "17.1.3", "versionStartIncluding": "17.1.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "D50D43C6-72E7-4FE7-91E3-87ED5A2934A3", "versionEndExcluding": "17.1.3", "versionStartIncluding": "17.1.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:7.2.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "A6CDEF18-F9B8-428A-AAE4-13D571E5E9F7"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:7.2.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "687E9E4C-B2DD-48EE-A079-02638D40CBEF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}