Lucene search
HistorySep 12, 2024 - 5:15 p.m.
CVE-2024-4612
gitlab ee
open redirect
account takeover
oauth flow
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.7%
An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.
Affected configurations
Node
gitlabgitlabRange12.9.0–17.1.7enterprise
ORgitlabgitlabRange17.2.0–17.2.5enterprise
ORgitlabgitlabRange17.3.0–17.3.2enterprise
Related
nessus
nessus
GitLab 12.9 < 17.1.7 / 17.2 < 17.2.5 / 17.3 < 17.3.2 (CVE-2024-4612)
2024-09-12 00:00:00
FreeBSD : Gitlab -- vulnerabilities (bcc8b21e-7122-11ef-bece-2cf05da270f3)
2024-09-13 00:00:00
debiancve
debiancve
CVE-2024-4612
2024-09-12 17:15:04
osv
osv
BIT-gitlab-2024-4612
2024-09-14 07:13:08
CVE-2024-4612
2024-09-12 17:15:04
cve
cve
CVE-2024-4612
2024-09-12 17:15:04
cvelist
cvelist
CVE-2024-4612 URL Redirection to Untrusted Site ('Open Redirect') in GitLab
2024-09-12 16:57:08
vulnrichment
vulnrichment
CVE-2024-4612 URL Redirection to Untrusted Site ('Open Redirect') in GitLab
2024-09-12 16:57:08
freebsd
freebsd
Gitlab -- vulnerabilities
2024-09-11 00:00:00
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.7%
Related for NVD:CVE-2024-4612