Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2024-4612

HistorySep 12, 2024 - 5:15 p.m.

CVE-2024-4612

2024-09-1217:15:04

Debian Security Bug Tracker

security-tracker.debian.org

gitlab

open redirect

account takeover

oauth

vulnerability

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

17.7%

JSON

An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.

OSVersionArchitecturePackageVersionFilename
Debian999allgitlab< 16.8.4-1gitlab_16.8.4-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	gitlab	< 16.8.4-1	gitlab_16.8.4-1_all.deb

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

17.7%

JSON

Related for DEBIANCVE:CVE-2024-4612