CVE-2023-6033 Information

Description

Improper neutralization of input in the Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3, allows an attacker to execute JavaScript in a victim’s browser.

Reference

https://gitlab.com/gitlab-org/gitlab/-/issues/431201
https://hackerone.com/reports/2236039
