Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-11274

Опубликовано: 12 дек. 2024
Источник: debian
EPSS Низкий

Описание

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gitlabfixed17.5.5-1package

EPSS

Процентиль: 64%
0.00461
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-11274

CVSS3: 8.7
ubuntu
около 1 года назад

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.

nvd логотип

CVE-2024-11274

CVSS3: 8.7
nvd
около 1 года назад

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.

github логотип

GHSA-fr8h-r296-xggf

CVSS3: 8.7
github
около 1 года назад

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.

fstec логотип

BDU:2024-11288

CVSS3: 7.5
fstec
около 1 года назад

Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE , связанная с раскрытием информации при передаче данных, позволяющая нарушителю получить несанкционированных доступ к защищенной информации

EPSS

Процентиль: 64%
0.00461
Низкий