CVE-2024-8186 — Vulnetix

CVE-2024-8186 PUBLISHED

An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HMTL into the child item search potentially leading to XSS in certain situations.

EPSS 0.08% · 23.6th percentile

Risk Scores

EPSS Score

0.08%

23.6th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	16.6.0
Bitnami	gitlab	16.6.0

Timeline

Jan 21, 1970 Security Advisory
Feb 26, 2025 CVE Published
Mar 3, 2025 Coalition ESS Score
Mar 4, 2025 EPSS Score
Mar 6, 2025 CVE Updated
Mar 18, 2025 EPSS Score
Apr 1, 2025 EPSS Score
Apr 14, 2025 EPSS Score
Apr 28, 2025 EPSS Score
May 12, 2025 EPSS Score
May 26, 2025 EPSS Score
Jun 9, 2025 EPSS Score

References

https://gitlab.com/gitlab-org/gitlab/-/issues/480751 url
https://hackerone.com/reports/2655757 url
https://nvd.nist.gov/vuln/detail/CVE-2024-8186 url

Open in Interactive Console →