High severity8.7NVD Advisory· Published Apr 12, 2024· Updated Jun 17, 2026
CVE-2024-2279
CVE-2024-2279
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 16.7
- (no CPE)range: 16.7 to 16.8.6, 16.9 before 16.9.4, 16.10 before 16.10.2
- Range: 16.7 to 16.8.6, 16.9 before 16.9.4, 16.10 before 16.10.2
Patches
Vulnerability mechanics
References
2- gitlab.com/gitlab-org/gitlab/-/issues/448469nvdExploitIssue Tracking
- hackerone.com/reports/2404710nvdPermissions Required
News mentions
1- GitLab Patch Release: 16.10.2, 16.9.4, 16.8.6GitLab Security Releases · Apr 10, 2024