Cross-site request forgery vulnerability in GitLab CE/EE - CVE-2023-1836 (rpm)ID: oval:org.secpod.oval:def:89841 | Date: (C)2023-05-18 (M)2023-11-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with GitLab CE/EE 5.1 before 15.9.6, 15.10 before 15.10.5, 15.11 before 15.11.1 and is prone to a cross-site request forgery vulnerability. A flaw is present in the application, which fails to properly handle specific circumstances. Successful exploitation allows attackers to render as HTML, when viewing an XML file in a repository in "raw" mode.
Product: |
gitlab-ce |
gitlab-ee |