CVE-2024-4283

2024-09-1622:15:20

CWE-601

GitLab

web.nvd.nist.gov

gitlab

vulnerability

account takeover

oauth

open redirect

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

26.7%

JSON

An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.

Affected configurations

Vulners

Node

gitlabgitlabRange11.1–17.1.7

gitlabgitlabRange17.2–17.2.5

gitlabgitlabRange17.3–17.3.2

VendorProductVersionCPE
gitlabgitlab*cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gitlab	gitlab	*	cpe:2.3:a:gitlab:gitlab::::::::

CNA Affected

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "11.1",
        "status": "affected",
        "lessThan": "17.1.7",
        "versionType": "semver"
      },
      {
        "version": "17.2",
        "status": "affected",
        "lessThan": "17.2.5",
        "versionType": "semver"
      },
      {
        "version": "17.3",
        "status": "affected",
        "lessThan": "17.3.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]