CVE-2024-10240

medium

Description

Gitlab reports: Unauthorized access to Kubernetes cluster agent Device OAuth flow allows for cross window forgery Denial of Service by importing malicious crafted FogBugz import payload Stored XSS through javascript URL in Analytics dashboards HTML injection in vulnerability Code flow could lead to XSS on self hosted instances Information disclosure through an API endpoint

Details

Source: Mitre, NVD

Published: 2024-11-14

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

Detections

Analytics