CVE-2024-4283 URL Redirection to Untrusted Site ('Open Redirect') in GitLab

2024-09-1621:34:08

CWE-601

GitLab

github.com

gitlab

url redirection

vulnerability

account takeover

oauth

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score

6.6

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.