CVE-2024-8647

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/486051	Exploit Issue Tracking Vendor Advisory
https://hackerone.com/reports/2666341	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab::::::::
	cpe:2.3:a:gitlab:gitlab::::::::
	cpe:2.3:a:gitlab:gitlab::::::::

History

11 Jul 2025, 19:31

Type	Values Removed	Values Added
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/486051 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/486051 - Exploit, Issue Tracking, Vendor Advisory
References	~~() https://hackerone.com/reports/2666341 -~~	() https://hackerone.com/reports/2666341 - Permissions Required
First Time		Gitlab gitlab Gitlab
CPE		cpe:2.3:a:gitlab:gitlab::::::::

12 Dec 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-12 12:15

Updated : 2025-07-11 19:31

NVD link : CVE-2024-8647

Mitre link : CVE-2024-8647

CVE.ORG link : CVE-2024-8647

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-8647", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2024-12-12T12:15:28.297", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/486051", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2666341", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en GitLab que afectaba a todas las versiones desde la 15.2 hasta la 17.4.6, desde la 17.5 hasta la 17.5.4 y desde la 17.6 hasta la 17.6.2. En las instalaciones alojadas en servidores propios, era posible filtrar el token anti-CSRF a un sitio externo mientras la integraci\u00f3n de Harbor estaba habilitada."}], "lastModified": "2025-07-11T19:31:04.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB8DCBC1-255B-4D24-9875-F901BE788DA0", "versionEndExcluding": "17.4.6", "versionStartIncluding": "15.2.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F97D9F30-A47B-4288-8B5C-28990A4F822F", "versionEndExcluding": "17.5.4", "versionStartIncluding": "17.5.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFBA60E5-4212-459C-A79E-D676F02233B4", "versionEndExcluding": "17.6.2", "versionStartIncluding": "17.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}