An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.
History

Tue, 24 Sep 2024 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Wed, 18 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 17 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Sep 2024 22:00:00 +0000

Type Values Removed Values Added
Description An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.
Title URL Redirection to Untrusted Site ('Open Redirect') in GitLab
First Time appeared Gitlab
Gitlab gitlab
Weaknesses CWE-601
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-09-16T21:34:08.579Z

Updated: 2024-09-18T13:07:40.681Z

Reserved: 2024-04-26T23:02:03.272Z

Link: CVE-2024-4283

cve-icon Vulnrichment

Updated: 2024-09-17T15:25:16.165Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-16T22:15:20.650

Modified: 2024-09-24T16:51:23.193

Link: CVE-2024-4283

cve-icon Redhat

No data.