An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self-hosted installs, it was possible to leak the anti-CSRF token to an external site while the Harbor integration was enabled.
History
Thu, 12 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Thu, 12 Dec 2024 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled. | |
Title | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab | |
First Time appeared | Gitlab, Gitlab gitlab | |
Weaknesses | CWE-22 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products | Gitlab, Gitlab gitlab | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-12-12T12:02:54.888Z
Updated: 2024-12-12T15:44:19.905Z
Reserved: 2024-09-10T09:01:52.178Z
Link: CVE-2024-8647
Vulnrichment
Updated: 2024-12-12T15:21:11.127Z
NVD
Status: Received
Published: 2024-12-12T12:15:28.297
Modified: 2024-12-12T12:15:28.297
Link: CVE-2024-8647
Redhat
No data.