← back
CVE-2017-0923

CVE-2017-0923

EPSS 0.8%CWE-79
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
21 Mar 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.
Affected products
GitLab · GitLab Community and Enterprise Editions

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/https://hackerone.com/reports/293740