CVE-2024-7404

Published Nov 14, 2024

Last updated 2 days ago

CVSS medium 6.8

Overview

Description
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow.
Source
cve@gitlab.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.8
Impact score
5.2
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Severity
MEDIUM

Weaknesses

cve@gitlab.com
CWE-1021

Social media

Hype score
Not currently trending

  1. Threat Alert: CVE-2024-9693: GitLab Issues Critical Patch for Kubernetes Agent CVE-2024-9693 CVE-2024-7404 CVE-2024-8648 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/KXrmGu6Z1O #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    15 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References