CVE-2024-9387

Published Dec 12, 2024

Last updated 3 months ago

CVSS medium 6.4

Overview

Description: An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.
Source: cve@gitlab.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.4
Impact score: 5.2
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Severity: MEDIUM

Weaknesses

cve@gitlab.com: CWE-601

Hype score: Not currently trending

CVE-2024-9387 Open Redirect Vulnerability in GitLab CE/EE API Endpoint A problem was found in GitLab CE/EE. It affects all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker... https://t.co/xWIvCiPhuy
@VulmonFeeds
12 Dec 2024
40 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes

References