CVE-2024-1211 — Cross-Site Request Forgery in Gitlab

CWE-352 — Cross-Site Request Forgery6 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.0%

top 93.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedJan 31

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5gitlab/gitlab10.6 — 16.9.7+2

▶NVDgitlab/gitlab10.6.0 — 16.9.7+2

▶debiandebian/gitlab< gitlab 17.3.5-2 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-5xrw-g5h5-j2r6: An issue has been discovered in GitLab CE/EE affecting all versions starting from 10↗2025-01-31

▶

OSV

CVE-2024-1211: An issue has been discovered in GitLab CE/EE affecting all versions starting from 10↗2025-01-31

▶

📋Vendor Advisories

GitLab

CVE-2024-1211: An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and star↗2025-01-31

▶

Red Hat

kernel: netfilter: nf_tables: reject new basechain after table flag update↗2024-05-19

▶

Debian

CVE-2024-1211: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...↗2024

▶