CVE-2024-4283

Published: Sep 16, 2024Modified: Sep 24, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.

Affected (3)

Products: Gitlab: Gitlab

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 11.1.0 to 17.1.7
Gitlab Gitlab	From 17.2.0 to 17.2.5
Gitlab Gitlab	From 17.3.0 to 17.3.2

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/458502

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/2474286

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.