Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-11274

Опубликовано: 12 дек. 2024
Источник: debian

Описание

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gitlabfixed17.5.5-1package

Связанные уязвимости

ubuntu логотип

CVE-2024-11274

CVSS3: 8.7
ubuntu
6 месяцев назад

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.

nvd логотип

CVE-2024-11274

CVSS3: 8.7
nvd
6 месяцев назад

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.

github логотип

GHSA-fr8h-r296-xggf

CVSS3: 8.7
github
6 месяцев назад

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.

fstec логотип

BDU:2024-11288

CVSS3: 7.5
fstec
6 месяцев назад

Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE , связанная с раскрытием информации при передаче данных, позволяющая нарушителю получить несанкционированных доступ к защищенной информации