CVE-2024-4835

8.0 HIGH

📋 TL;DR

A cross-site scripting (XSS) vulnerability in the VS Code-based Web IDE of GitLab CE/EE. An attacker who holds an account on the instance and lures a logged-in victim to a crafted page can run script in the victim's GitLab origin and, from there, read restricted information or act as the victim; GitLab's patch-release notes describe the outcome as a one-click account takeover. GitLab's session cookie is HttpOnly, so the realistic payload drives the victim's browser (API calls, settings changes) rather than exfiltrating the cookie itself. Every self-managed instance on an affected version is exposed regardless of configuration.

💻 Affected Systems

Products:
  • GitLab Community Edition
  • GitLab Enterprise Edition
Versions: 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1
Operating Systems: All platforms running GitLab
Default Config Vulnerable: ⚠️ Yes
Notes: All GitLab deployments running affected versions are vulnerable regardless of configuration.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

⚠️ Risk & Real-World Impact

🔴 Worst Case

An administrator opens the attacker's page while logged in. The payload runs with the administrator's session and can act on the instance as that administrator (create tokens, change credentials, alter users and projects), which amounts to full control of the instance and every repository on it.

🟠 Likely Case

A regular developer is lured to the page. The attacker reads the private repositories, issues and snippets that user can access and exfiltrates code or data through the victim's browser.

🟢 If Mitigated

Only the patch removes the bug. Short of it, a Content Security Policy that blocks unexpected script sources and short session lifetimes reduce what an attacker gets from a victim who opens the page, but they do not prevent exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: No
Complexity: LOW

Exploitation needs an account on the target instance (the exploit is not unauthenticated) and a logged-in victim who opens the attacker's page. Once the injection point is known the payload is ordinary XSS, so the effort is in the lure, not in the code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 16.10.6, 16.11.3, or 17.0.1 (the patched release of the minor you are running; every later release also contains the fix)

Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/461328

Restart Required: Yes (Omnibus packages reconfigure and restart GitLab automatically during the upgrade)

Instructions:

1. Take a backup: application data with `gitlab-backup create`, plus `/etc/gitlab/gitlab.rb` and `/etc/gitlab/gitlab-secrets.json`, which the backup does not include.
2. Check the GitLab upgrade path. Move to the patched release of your current minor (16.10.6, 16.11.3 or 17.0.1) rather than jumping several minors at once; longer jumps can require intermediate stops and finished background migrations.
3. Upgrade with your package manager, pinning the exact package version for your edition (CE or EE), or, for Helm and Docker deployments, the matching chart or image tag.
4. Restart GitLab services if the package did not do so.
5. Confirm the running version (see "How to Verify" below).

🔧 Temporary Workarounds

Content Security Policy (CSP)

Applies to: all platforms

Tighten the CSP GitLab sends so that script can only come from expected sources. GitLab already ships a nonce-based CSP and exposes it through `gitlab_rails['content_security_policy']` in `/etc/gitlab/gitlab.rb` (the Helm chart and source installs have equivalent settings). Deploy any change in report-only mode first and review the violation reports, because an over-tight policy breaks the Web IDE and other frontend features. Treat this as defense in depth: the vulnerable code runs in GitLab's own origin, so a CSP narrows, but does not reliably block, what a payload can do.

Input Sanitization

Applies to: all platforms

GitLab exposes no administrator setting that adds input sanitization for the affected component; the corrected handling ships only in the patched releases. Do not record "input validation" as a compensating control for this CVE.

🧯 If You Can't Patch

  • Implement strict Content Security Policy headers (report-only first, then enforce)
  • Monitor the nginx access log for XSS probes and the audit log for token creation or credential changes that follow a request with an untrusted Referer
  • Keep the instance off the public internet where you can; the attacker still needs an account, but an internet-reachable instance makes the lure far easier to deliver

🔍 How to Verify

Check if Vulnerable:

You are affected if the running version falls in any of these ranges (inclusive on both ends): 15.11.0 to 16.10.5, 16.11.0 to 16.11.2, or 17.0.0. The advisory lists only releases from 15.11 onward; older releases are out of support and should be upgraded regardless. 17.1 and later already contain the fix.

Check Version:

sudo gitlab-rake gitlab:env:info | grep 'Version:'

The same value is returned in the "version" field of `GET /api/v4/version` to any authenticated user, which is convenient for checking a fleet of instances.

Verify Fix Applied:

The reported version is 16.10.6, 16.11.3, 17.0.1 or a later release on the same line.
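The version check above, as an added example (not part of this page and not GitLab's own tooling): a small Python script that parses the `Version:` line of `gitlab-rake gitlab:env:info` output and compares it against the three affected ranges from the advisory. The sample output embedded below is constructed, not captured from a real host, and the script name in the usage note is a placeholder.

```python
"""
CVE-2024-4835 version check for a GitLab instance.

Added example, not from the advisory page or GitLab's tooling. Feed it the
output of `sudo gitlab-rake gitlab:env:info` on stdin; with no piped input it
falls back to a constructed sample so it runs offline. Affected ranges are the
ones in the advisory: [15.11.0, 16.10.6), [16.11.0, 16.11.3), [17.0.0, 17.0.1).
"""
import re
import sys

# Half-open ranges [first_affected, first_fixed) per release line.
AFFECTED_RANGES = (
    ((15, 11, 0), (16, 10, 6)),  # 15.11 up to but not including 16.10.6
    ((16, 11, 0), (16, 11, 3)),  # 16.11 up to but not including 16.11.3
    ((17, 0, 0), (17, 0, 1)),    # 17.0 up to but not including 17.0.1
)

# Constructed sample of `gitlab-rake gitlab:env:info` output (not a real host).
SAMPLE_ENV_INFO = """GitLab information
Version:\t16.10.5-ee
Revision:\t0123456789ab
Directory:\t/opt/gitlab/embedded/service/gitlab-rails
"""

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) from strings like '16.10.5-ee' or '17.0'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_vulnerable(version):
    """True when the version falls inside one of the affected half-open ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(version):
    """First patched release on the same line, or None if the version is not affected."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return "%d.%d.%d" % hi
    return None


def check_env_info(output):
    """Parse the 'Version:' line of gitlab:env:info output -> (version_string, vulnerable)."""
    for line in output.splitlines():
        if line.startswith("Version:"):
            ver = line.split(":", 1)[1].strip()
            return ver, is_vulnerable(ver)
    raise ValueError("no 'Version:' line in input")


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_ENV_INFO
    ver, vuln = check_env_info(text)
    if vuln:
        print(f"{ver}: VULNERABLE to CVE-2024-4835, upgrade to {fixed_version_for(ver)} or later")
        sys.exit(1)
    print(f"{ver}: not in the affected ranges")
```

Usage on an Omnibus host: `sudo gitlab-rake gitlab:env:info | python3 check_4835.py` (the file name is a placeholder); the non-zero exit status makes it easy to drop into a fleet check. The `version` field from `GET /api/v4/version` can be passed to `is_vulnerable()` directly, edition suffix and all.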

📡 Detection & Monitoring

Log Indicators:

  • Requests whose path or query string carries markup or script fragments (<script, javascript:, on*= handlers) in the nginx access log (/var/log/gitlab/nginx/gitlab_access.log), including percent-encoded and double-encoded forms that a plain substring search misses
  • Audit events for token creation, email or password changes, or 2FA changes that follow shortly after a request from the same user arrived with a Referer from an untrusted site

Network Indicators:

  • Victims' browsers calling unknown domains right after loading a GitLab page; this is visible in web-proxy or endpoint telemetry, not on the GitLab server, because the payload runs in the user's browser
  • Bursts of API reads (repository files, snippets, user settings) from one session that do not match that user's normal interactive pattern

SIEM Query:

source="gitlab" AND (message="*script*" OR message="*javascript*" OR message="*onclick*")

This query is a bare substring match: it fires on any repository path that contains "script" and misses payloads that arrive percent-encoded. URL-decode the request field first and match on `<script`, `javascript:` and `on\w+=` rather than on raw words.
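The detection logic described above, as an added example (not part of this page and not a GitLab or SIEM product feature): a Python scanner that parses access-log lines in combined format, URL-decodes the request target until it is stable, and matches real XSS markers, shown beside the naive substring match the SIEM query performs. The log lines are constructed for the example and do not reproduce the actual injection point of CVE-2024-4835, which is not public; the log path in the comment is the Omnibus default.

```python
"""
Scan GitLab nginx access-log lines for XSS-style request payloads.

Added example, not from the advisory page and not GitLab tooling. The lines in
SAMPLE_LOG are constructed in nginx "combined" format; on an Omnibus install the
real file is /var/log/gitlab/nginx/gitlab_access.log. The paths and parameters
are illustrative only and do not reflect the CVE-2024-4835 injection point.
"""
import re
import sys
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Markers that only appear when markup or a script URL is smuggled into a request.
XSS_PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "srcdoc": re.compile(r"\bsrcdoc\s*=", re.I),
    "data_html": re.compile(r"data:text/html", re.I),
}

# Constructed sample: two benign lines that contain the word "script", one
# plainly encoded probe, one double-encoded probe, one unrelated API call.
SAMPLE_LOG = """\
203.0.113.5 - - [22/May/2024:10:01:02 +0000] "GET /group/project/-/blob/main/scripts/deploy.sh HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [22/May/2024:10:01:30 +0000] "GET /group/project/-/tree/main/javascript HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [22/May/2024:10:02:15 +0000] "GET /group/project/-/issues?search=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 812 "https://attacker.example/" "Mozilla/5.0"
198.51.100.7 - - [22/May/2024:10:02:16 +0000] "GET /group/project/-/issues?search=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 812 "https://attacker.example/" "Mozilla/5.0"
192.0.2.9 - - [22/May/2024:10:03:00 +0000] "POST /api/v4/projects/42/issues HTTP/1.1" 201 300 "-" "python-requests/2.31"
"""


def fully_decode(s, max_rounds=3):
    """Undo percent-encoding until stable; attackers double-encode to dodge naive matches."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def parse_line(line):
    """Split one combined-format line into fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def naive_hits(lines):
    """What the substring SIEM query does: any line containing these words, encoded or not."""
    words = ("script", "javascript", "onclick")
    return [ln for ln in lines if any(w in ln.lower() for w in words)]


def scan(lines):
    """Decode each request target and report which XSS markers it contains."""
    hits = []
    for ln in lines:
        rec = parse_line(ln)
        if not rec:
            continue
        target = fully_decode(rec["target"])
        reasons = [name for name, rx in XSS_PATTERNS.items() if rx.search(target)]
        if reasons:
            hits.append({"ip": rec["ip"], "target": target,
                         "referer": rec["referer"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for hit in scan(source.splitlines()):
        print(f"{hit['ip']} {hit['target']} referer={hit['referer']} "
              f"reasons={','.join(hit['reasons'])}")
```

On the sample, the substring match fires on the two benign repository paths and misses the double-encoded `onerror` probe entirely, while the decoding scanner flags only the two probes and preserves the off-site Referer, which is the field to pivot on when hunting for a lure page. The `event_handler` pattern will also match legitimate parameters that begin with "on" (for example `online=1`), so exempt known parameter names before shipping this as an alert.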
