An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow.
History

Thu, 12 Dec 2024 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Thu, 14 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 14 Nov 2024 13:15:00 +0000

Type Values Removed Values Added
Description An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow.
Title Improper Restriction of Rendered UI Layers or Frames in GitLab
First Time appeared Gitlab
Gitlab gitlab
Weaknesses CWE-1021
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-11-14T13:02:23.587Z

Updated: 2024-11-14T15:08:01.260Z

Reserved: 2024-08-02T07:30:52.534Z

Link: CVE-2024-7404

cve-icon Vulnrichment

Updated: 2024-11-14T15:07:57.886Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-14T13:15:05.050

Modified: 2024-12-12T21:48:13.673

Link: CVE-2024-7404

cve-icon Redhat

No data.