CVE-2024-8647

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/486051
https://hackerone.com/reports/2666341

Configurations

No configuration.

History

12 Dec 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-12 12:15

Updated : 2024-12-12 12:15

NVD link : CVE-2024-8647

Mitre link : CVE-2024-8647

CVE.ORG link : CVE-2024-8647

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

5.4 /10