VDB

GCVE-110-CLOUD-2024-0014

GCVE-110-CLOUD-2024-0014
Advisory Published
Vulnetix · Advisory published October 9, 2024
A vulnerability in GitLab Pages allowed attackers to take over dangling custom domains pointing to 'instanceX.gitlab.io'. The issue occured when adding an unverified custom domain to GitLab Pages, which serves content for 7 days before disabling. This could lead to cookie stealing, phishing campaigns, and bypassing of Content-Security Policies and CORS.

Affected Products

VendorProductVersionsPlatforms
GitLabGitLab Pages
GitLabCloud Services

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›