GitLab Community and Enterprise Edition Cross-site Scripting Vulnerability

Summary

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding.
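The summary attributes the flaw to missing input validation and output encoding. As an added illustration that is not part of the advisory or of GitLab's own code, the Ruby below renders a stored environment name into an HTML table cell both ways: interpolated raw, which is the vulnerable pattern, and HTML-encoded at output time with `ERB::Util.html_escape` from Ruby's standard library, with an allowlist validator as a second layer. The function names, the allowlist pattern and the sample environment name are assumptions made for the example; the allowlist is not GitLab's actual environment-name rule.

```ruby
require 'erb'

# Vulnerable rendering: the environment name is interpolated straight into
# markup, so any HTML stored in the name is sent to the browser as tags.
def render_environment_row_unsafe(name)
  "<td class=\"environment-name\">#{name}</td>"
end

# Hardened rendering: the name is HTML-encoded at output time, so the same
# characters reach the browser as text rather than as markup.
def render_environment_row_safe(name)
  "<td class=\"environment-name\">#{ERB::Util.html_escape(name)}</td>"
end

# Input validation as a second layer. This allowlist is an assumption for the
# example, not GitLab's real rule: letters, digits, and punctuation commonly
# found in environment names; angle brackets and quotes are rejected.
ENVIRONMENT_NAME_PATTERN = %r{\A[A-Za-z0-9_./\-\s]+\z}

def valid_environment_name?(name)
  !name.nil? && name.length <= 255 && ENVIRONMENT_NAME_PATTERN.match?(name)
end

# Constructed test input for the example, not a value taken from the advisory.
HOSTILE_NAME = 'staging/<script>alert(1)</script>'

# Detection helper: does the rendered fragment still contain a live tag?
def contains_raw_markup?(html)
  html.include?('<script')
end

if __FILE__ == $PROGRAM_NAME
  puts render_environment_row_unsafe(HOSTILE_NAME) # tag survives into the page
  puts render_environment_row_safe(HOSTILE_NAME)   # tag is encoded as text
  puts valid_environment_name?(HOSTILE_NAME)       # false: rejected on input
end
```

Output encoding is the fix that actually closes the hole, because it is applied at the point where data meets markup regardless of where the value came from; validation on input narrows what can be stored but should not be relied on alone, since names may enter through APIs or migrations that bypass the form.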

Credit:

The information has been provided by James Ritchey.

The original article can be found at:

https://gitlab.com/gitlab-org/gitlab-ce/issues/53037

Details

GitLab is prone to an HTML injection vulnerability.

Vulnerable Systems:

GitLab Enterprise Edition 11.5
GitLab Enterprise Edition 11.4
GitLab Enterprise Edition 11.3
GitLab Community Edition 11.5
GitLab Community Edition 11.4
GitLab Community Edition 11.3

CVE Information:

CVE-2018-19493

Disclosure Timeline:

Published Date: 07/16/2019