An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2; injection of NEL headers in a k8s proxy response could lead to session data exfiltration.
History

Thu, 12 Dec 2024 16:15:00 +0000

Values added:
  Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Dec 2024 12:15:00 +0000

Values added:
  Description: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.
  Title: URL Redirection to Untrusted Site ('Open Redirect') in GitLab
  First Time appeared: Gitlab; Gitlab gitlab
  Weaknesses: CWE-601
  CPEs: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
  Vendors & Products: Gitlab; Gitlab gitlab
  References: (no values listed)
  Metrics (cvssV3_1): {'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-12-12T12:02:20.019Z

Updated: 2024-12-12T15:44:45.428Z

Reserved: 2024-11-15T18:31:33.020Z

Link: CVE-2024-11274

Vulnrichment

Updated: 2024-12-12T15:31:46.121Z

NVD

Status: Received

Published: 2024-12-12T12:15:22.267

Modified: 2024-12-12T12:15:22.267

Link: CVE-2024-11274

Redhat

No data.