An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 12 Dec 2024 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration. | |
Title | URL Redirection to Untrusted Site ('Open Redirect') in GitLab | |
First Time appeared |
Gitlab
Gitlab gitlab |
|
Weaknesses | CWE-601 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-12-12T12:02:20.019Z
Updated: 2024-12-12T15:44:45.428Z
Reserved: 2024-11-15T18:31:33.020Z
Link: CVE-2024-11274
Vulnrichment
Updated: 2024-12-12T15:31:46.121Z
NVD
Status : Received
Published: 2024-12-12T12:15:22.267
Modified: 2024-12-12T12:15:22.267
Link: CVE-2024-11274
Redhat
No data.