CVE-2023-3500: Reflected XSS in GitLab CE/EE PlantUML Diagrams
A new security vulnerability has been identified in GitLab Community Edition (CE) and Enterprise Edition (EE), affecting various versions dating back to 10.. It has been assigned CVE-2023-3500 and allows an attacker to perform a reflected cross-site scripting (XSS) attack via specially crafted PlantUML diagrams created within GitLab.
Exploit Details
The vulnerability allows an attacker to create specific PlantUML diagrams in GitLab that cause malicious JavaScript to execute when a user views the diagram. This can let the attacker perform arbitrary actions on behalf of the victim, such as stealing session tokens, logging keystrokes containing sensitive information, or modifying content in the victim's GitLab repositories.
Code Snippet
To demonstrate the potential impact of this vulnerability, let's consider the following example. An attacker creates a PlantUML diagram as follows:
@startuml
!pragma teoz true
skinparam monochrome true
<title>
<script>alert('XSS')</script>
</title>
@enduml
When a user views the repository containing this PlantUML diagram, the injected JavaScript code within the
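The following Python is an added illustrative example, not GitLab's code or its actual fix: it scans text for @startuml ... @enduml blocks like the one above, flags HTML-looking markup inside them, and shows the escaping a renderer must apply before echoing diagram source into a page. The sample text, regular expressions and function names are assumptions chosen for this example.

```python
import html
import re

# Constructed sample: the diagram from the write-up, followed by a benign one.
SAMPLE = """Some prose in a README.
@startuml
!pragma teoz true
skinparam monochrome true
<title>
<script>alert('XSS')</script>
</title>
@enduml
More prose.
@startuml
Alice -> Bob: hello
@enduml
"""

BLOCK_RE = re.compile(r"@startuml\b(.*?)@enduml", re.DOTALL)
# HTML-looking tags (opening or closing). This is a heuristic: PlantUML arrows
# such as "->" or "<--" do not match, but generics like List<String> would be
# flagged for review, which is acceptable for a detection pass.
TAG_RE = re.compile(r"<\s*/?\s*([A-Za-z][\w-]*)\b[^>]*>")

def extract_blocks(text):
    """Return the body of every @startuml ... @enduml block, in order."""
    return [m.group(1) for m in BLOCK_RE.finditer(text)]

def find_html_tags(block):
    """Return lowercase tag names of HTML-looking markup inside one block."""
    return [m.group(1).lower() for m in TAG_RE.finditer(block)]

def scan(text):
    """Return (block_index, tags) for each block containing HTML-looking markup."""
    findings = []
    for i, block in enumerate(extract_blocks(text)):
        tags = find_html_tags(block)
        if tags:
            findings.append((i, tags))
    return findings

def render_source_safely(block):
    """Hardened echo: diagram source is HTML-escaped before it is placed in the
    page, so '<script>' reaches the browser as literal text, not as an element."""
    return '<pre class="plantuml-source">' + html.escape(block, quote=True) + "</pre>"

if __name__ == "__main__":
    for index, tags in scan(SAMPLE):
        print(f"block {index}: HTML-looking tags {tags}")
```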