An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF.
History

Fri, 13 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Thu, 29 Aug 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Gitlab
Gitlab gitlab
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab

cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-05-09T01:38:11.850Z

Updated: 2024-08-29T15:04:58.230Z

Reserved: 2024-05-07T06:32:53.716Z

Link: CVE-2024-4597

cve-icon Vulnrichment

Updated: 2024-08-01T20:47:41.257Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-14T15:44:10.553

Modified: 2024-12-13T16:55:13.503

Link: CVE-2024-4597

cve-icon Redhat

No data.