Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-1211

Опубликовано: 31 янв. 2025
Источник: debian

Описание

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gitlabfixed17.3.5-2package

Связанные уязвимости

ubuntu логотип

CVE-2024-1211

CVSS3: 6.4
ubuntu
5 месяцев назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.

nvd логотип

CVE-2024-1211

CVSS3: 6.4
nvd
5 месяцев назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.

github логотип

GHSA-5xrw-g5h5-j2r6

CVSS3: 6.4
github
5 месяцев назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.

fstec логотип

BDU:2025-01577

CVSS3: 6.4
fstec
больше 1 года назад

Уязвимость конфигурации JWT OmniAuth provider программной платформы на базе git для совместной работы над кодом GitLab, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)