Overview
- Description
- An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.
- Source
- cve@gitlab.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 3.1
- Impact score
- 1.4
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
- Severity
- LOW
Weaknesses
- cve@gitlab.com
- CWE-708
Social media
- Hype score
- Not currently trending
CVE-2024-9633 Domain Confusion Vulnerability in GitLab CE/EE Versions 16.3-17.5.2 https://t.co/64VU6qRk5c
@VulmonFeeds
14 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9633 An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starti… https://t.co/50OY8Tw8C9
@CVEnew
14 Nov 2024
103 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes