VDB
GCVE-110-CLOUD-2024-0014
GCVE-110-CLOUD-2024-0014
Advisory Published
A vulnerability in GitLab Pages allowed attackers to take over dangling custom domains pointing to 'instanceX.gitlab.io'. The issue occured when adding an unverified custom domain to GitLab Pages, which serves content for 7 days before disabling. This could lead to cookie stealing, phishing campaigns, and bypassing of Content-Security Policies and CORS.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GitLab | GitLab Pages | — | — |
| GitLab | Cloud Services | — | — |
Aliases
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.