High severity8.7NVD Advisory· Published Apr 12, 2024· Updated Jun 17, 2026
CVE-2024-3092
CVE-2024-3092
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 16.9
- (no CPE)range: starting from 16.9 before 16.9.4, starting from 16.10 before 16.10.2
- Range: starting from 16.9 before 16.9.4, starting from 16.10 before 16.10.2
Patches
Vulnerability mechanics
References
2- gitlab.com/gitlab-org/gitlab/-/issues/452510nvdExploitIssue Tracking
- hackerone.com/reports/2441257nvdPermissions Required
News mentions
1- GitLab Patch Release: 16.10.2, 16.9.4, 16.8.6GitLab Security Releases · Apr 10, 2024