VDB
CVE-2024-4835
CVE-2024-4835
PUBLISHED
A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.
EPSS 7.45% · 91.9th percentile
Risk Scores
EPSS Score
7.45%
91.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitlab | 15.11.0, 16.11.0, 17.0.0 |
| Bitnami | gitlab | 15.11.0, 16.11.0, 17.0.0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-4835 (circl-sighting)
- CIRCL seen: CVE-2024-4835 (circl-sighting)
- CIRCL seen: CVE-2024-4835 (circl-sighting)
- CIRCL seen: CVE-2024-4835 (circl-sighting)
- https://gitlab.com/gitlab-org/gitlab/-/issues/461328 (nist-nvd)
- https://www.exploit-db.com/exploits/52273 (certbund)
- https://hackerone.com/reports/2497024 (osv)
- cve_db.json (github-poc)
- cve_db.json (github-poc)
- cve_db.json (github-poc)
…and 6 more exploits
Timeline
- Jan 21, 1970 Security Advisory
- May 21, 2024 CVE Published
- May 23, 2024 EPSS Score
- May 23, 2024 PoC Published
- May 26, 2024 PoC Published
- May 27, 2024 PoC Published
- May 27, 2024 PoC Published
- Oct 5, 2024 Coalition ESS Score
- Feb 11, 2025 Coalition ESS Score
- Mar 17, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 27, 2025 EPSS Score