A stored cross-site scripting (XSS) vulnerability in GitLab’s markdown rendering engine, which allowed the company’s content security policy (CSP) to be bypassed, has been discovered by a security researcher.
The flaw allowed malicious actors to inject arbitrary JavaScript wherever markdown was processed, such as in issues and comments.
This could potentially allow an attacker to execute malicious script in a victim’s browser.
The researcher who discovered the flaw was awarded a $16,000 bounty for responsibly disclosing the bug.
The discovery highlights the importance of proper validation and sanitisation of user-supplied input in file paths.
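As an added, defensive illustration (not GitLab’s code, and not the researcher’s bypass) of the sanitisation step the article refers to: an allowlist HTML sanitizer run over a markdown renderer’s output, which strips script tags, event-handler attributes and non-http(s) link schemes. The tag and attribute allowlists and the sample payloads are constructed for this example.

```python
"""Allowlist sanitizer for rendered markdown output (added example).

A renderer that passes raw HTML through unchanged is a classic stored-XSS
source; a CSP is defence in depth, not a substitute for sanitising output.
Allowlists and sample inputs below are constructed for illustration.
"""
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "a", "em", "strong", "code", "pre", "ul", "ol", "li"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_URL_PREFIXES = ("http://", "https://", "/", "#")


class Sanitizer(HTMLParser):
    """Re-emits only allowlisted tags/attributes; everything else becomes text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # drop <script>, <img>, <svg>, ...; their text is still escaped
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onclick=, onerror=, style=, ...
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_PREFIXES):
                continue  # drops javascript:, data:, vbscript: links
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))  # text content is always entity-escaped


def sanitize(rendered_html: str) -> str:
    """Sanitize HTML produced by the markdown renderer before storing/serving it."""
    s = Sanitizer()
    s.feed(rendered_html)
    s.close()
    return "".join(s.out)


if __name__ == "__main__":
    # Constructed comment payload as a renderer that allows raw HTML would emit it.
    print(sanitize('<p>hi <script>alert(1)</script><a href="javascript:x" onclick="y">lnk</a></p>'))
```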