CVE-2024-8647

MEDIUM

GitLab 15.2 to <17.4.6, 17.5 to <17.5.4, 17.6 to <17.6.2 - Anti-CSRF token leak via Harbor integration

Title source: llm

Description

An issue was discovered in GitLab affecting all versions starting from 15.2 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self-hosted installs, it was possible to leak the anti-CSRF token to an external site while the Harbor integration was enabled. The CVSS vector (PR:L, UI:R, S:C) reflects that a low-privileged, authenticated user must be induced to interact, and that the token leaves the GitLab security scope.
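The check below is an added example, not GitLab code or part of the advisory: it encodes the three affected version ranges stated in the description and tells an operator whether a self-hosted instance needs the fix, and whether the Harbor integration is active on a given project. The JSON sample is a constructed stand-in for the response of GitLab's `GET /api/v4/projects/:id/integrations/harbor` endpoint; only its `active` field is relied on, and the function names (`is_affected`, `assess`) are this example's own.

```python
"""Affected-version check for CVE-2024-8647 (added example, not GitLab code).

Ranges are taken from the advisory text on this page:
  15.2 <= v < 17.4.6,  17.5.0 <= v < 17.5.4,  17.6.0 <= v < 17.6.2
The upper bound of each range is the fixed release for that branch.
"""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) per release branch, as stated in the advisory.
AFFECTED_RANGES = (
    ((15, 2, 0), (17, 4, 6)),
    ((17, 5, 0), (17, 5, 4)),
    ((17, 6, 0), (17, 6, 2)),
)


def parse_version(text: str) -> Version:
    """Parse '17.4.5', 'v17.6', '17.6.1-ee' or '17.4.5-ce' into (major, minor, patch)."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_affected(version: str) -> bool:
    """True if the version falls inside any advisory range (lower bound inclusive, fix exclusive)."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(version: str) -> Optional[str]:
    """Return the patch release that closes the range this version sits in, or None."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(str(n) for n in hi)
    return None


def harbor_enabled(integration_json: str) -> bool:
    """True if a project's Harbor integration response reports active=true."""
    data = json.loads(integration_json)
    return bool(data.get("active", False))


def assess(version: str, integration_json: str) -> str:
    """Combine the version check with the integration state into an operator-facing verdict."""
    if not is_affected(version):
        return "not affected: version outside the advisory ranges"
    fix = fixed_version_for(version)
    if harbor_enabled(integration_json):
        return f"exposed: affected version with Harbor integration enabled, upgrade to {fix}"
    return f"affected version but Harbor integration inactive, upgrade to {fix}"


# Constructed sample response (not captured from a real instance): Harbor is enabled.
SAMPLE_HARBOR_RESPONSE = json.dumps(
    {"id": 42, "title": "Harbor", "slug": "harbor", "active": True}
)

if __name__ == "__main__":
    for v in ("15.1.0", "17.4.5-ee", "17.5.4", "17.6.1-ee", "17.6.2"):
        print(v, "->", assess(v, SAMPLE_HARBOR_RESPONSE))
```

The version string can be read from `GET /api/v4/version` on the instance; the integration state has to be checked per project, since Harbor is a project-level integration, and an instance where no project has it active still warrants the upgrade.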

Scores

CVSS v3 5.4
EPSS 0.0014
EPSS Percentile 33.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-22
Status published

Affected Products (1)

gitlab/gitlab >= 15.2, < 17.4.6 (per the description above, 17.5.x < 17.5.4 and 17.6.x < 17.6.2 are also affected)

Timeline

Published Dec 12, 2024
Tracked Since Feb 18, 2026