CVE-2024-4835 Information

Description

An XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.

Reference

https://gitlab.com/gitlab-org/gitlab/-/issues/461328
https://hackerone.com/reports/2497024
