Allele Security Alert
ASA-2019-00213
Identifier(s)
ASA-2019-00213, CVE-2019-10111
Title
Persistent Cross-Site Scripting (XSS) at merge request resolve conflicts
Vendor(s)
GitLab
Product(s)
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
Affected version(s)
GitLab CE/EE 11.0 to 11.8
Fixed version(s)
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.9.4
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.8.6
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.7.10
Proof of concept
Unknown
Description
An input validation and output encoding issue was discovered in the merge request “resolve conflicts” page, which resulted in a persistent Cross-Site Scripting (XSS) vulnerability.
Technical details
Unknown
Credits
valis
Reference(s)
GitLab Security Release: 11.9.4, 11.8.6, and 11.7.10
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10111
CVE-2019-10111
https://nvd.nist.gov/vuln/detail/CVE-2019-10111
If there is any error in this alert or you wish for a comprehensive analysis, let us know.
Last modified: April 24, 2019