- Description
- An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2. Injection of NEL headers in the k8s proxy response could lead to session data exfiltration.
- Source
- cve@gitlab.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.7
- Impact score
- 5.8
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
- Severity
- HIGH
- cve@gitlab.com
- CWE-601
- Hype score
- Not currently trending
A vulnerability (CVE-2024-11274) has been discovered in “GitLab” products. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/8sGyE3L0iH
@CERTAzerbaijan
17 Dec 2024
GitLab fixes several vulnerabilities #GITLAB #CVE-2024-8233 #CVE-2024-11274 https://t.co/UD6GFtscNM
@pravin_karthik
13 Dec 2024
CVE-2024-11274, -8233: Multiple vulns in GitLab, 7.5 - 8.7 rating❗️ One of them allows to DoS, the second allows to potentially gain unauthorized access to accounts. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/ajKzAsjr4B #cybersecurity #vulnerability_map #gitlab
@Netlas_io
12 Dec 2024
CVE-2024-11274: GitLab Vulnerability Exposes User Accounts https://t.co/QGVEEpYIyv
@Dinosn
12 Dec 2024