PT-2024-10152 · Gitlab · Gitlab

Joaxcaron · Published 2024-10-09 · Updated 2025-07-11 · CVE-2024-8647

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

GitLab versions 15.2 through 17.4.6
GitLab versions 17.5 through 17.5.4
GitLab versions 17.6 through 17.6.2
Description

GitLab contains a Cross-Site Request Forgery (CSRF) weakness. When the Harbor integration is enabled, a remote attacker can cause a user's anti-CSRF token to be leaked to an external site. Because that token is the only thing preventing a cross-origin page from submitting state-changing requests in the victim's session, possession of it lets the attacker perform CSRF against the affected instance. The CVSS vector (Au:S) indicates that the attacker needs an authenticated account. The issue affects self-hosted installations of GitLab.
Recommendations

For GitLab versions 15.2 through 17.4.6, update to a version later than 17.4.6.
For GitLab versions 17.5 through 17.5.4, update to a version later than 17.5.4.
For GitLab versions 17.6 through 17.6.2, update to a version later than 17.6.2.

Fixed releases exist, so upgrading is the real remediation. Until the upgrade can be applied, disable the Harbor integration as a temporary workaround; since the integration is configured per project (and can be inherited from group or instance-level settings), check every place it has been enabled rather than a single project.
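To turn the version ranges and the workaround above into a repeatable check, here is an added example in Python; it is not part of the advisory and not GitLab's own code. It treats the page's "through" bounds as inclusive, exactly as the recommendation text does, strips edition and build suffixes such as `-ee`, and reports which fixed version to move past. The version strings in `main` are constructed samples, and `harbor_enabled` is an assumed input the operator supplies from their own inventory of project integrations; nothing here queries a GitLab instance.

```python
"""Decide whether a self-hosted GitLab falls in the CVE-2024-8647 ranges.

Added example; not the advisory's or GitLab's own code. The ranges are the
three listed on this page, with "through" read as inclusive, which is how
the recommendation section reads them.
"""
import re
import sys
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, last affected), inclusive, copied from the advisory text
AFFECTED_RANGES = [
    ((15, 2, 0), (17, 4, 6)),
    ((17, 5, 0), (17, 5, 4)),
    ((17, 6, 0), (17, 6, 2)),
]

# major.minor[.patch]; anything after that ("-ee", "+build", ...) is ignored
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """'17.4.5-ee' -> (17, 4, 5); 'v17.4' -> (17, 4, 0)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"not a GitLab version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def fmt(v: Version) -> str:
    return ".".join(str(part) for part in v)


def affected_range(v: Version) -> Optional[Tuple[Version, Version]]:
    """Return the (low, high) range containing v, or None if v is outside all."""
    for low, high in AFFECTED_RANGES:
        if low <= v <= high:  # tuple comparison is lexicographic: major, minor, patch
            return (low, high)
    return None


def assess(version_text: str, harbor_enabled: bool) -> Dict[str, object]:
    """Map an installed version plus Harbor-integration state to an action.

    harbor_enabled is an assumed input: the operator fills it from their own
    inventory of project, group and instance integrations.
    """
    v = parse_version(version_text)
    rng = affected_range(v)
    if rng is None:
        return {"version": fmt(v), "affected": False,
                "upgrade_past": None, "disable_harbor": False}
    _, high = rng
    return {
        "version": fmt(v),
        "affected": True,
        # the advisory says "later than <high>" for each range
        "upgrade_past": fmt(high),
        # interim measure only while the upgrade is pending
        "disable_harbor": harbor_enabled,
    }


def main(argv):
    # constructed sample inputs; a real run would pass the installed version
    samples = argv[1:] or ["17.4.5-ee", "17.5.4", "17.6.3", "15.1.9"]
    for s in samples:
        r = assess(s, harbor_enabled=True)
        if r["affected"]:
            note = "; disable Harbor integration meanwhile" if r["disable_harbor"] else ""
            print(f"{r['version']}: AFFECTED, upgrade past {r['upgrade_past']}{note}")
        else:
            print(f"{r['version']}: not in the listed ranges")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with the installed version as an argument (the value GitLab reports in its `VERSION` file or in the admin area, for example `python3 check.py 17.4.5-ee`). Versions above the top of a range (17.4.7, 17.5.5, 17.6.3) and versions below 15.2 are reported as outside the listed ranges, matching the page's statements rather than making any claim about releases the advisory does not mention.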

Tags: Path traversal, CSRF

Weakness Enumeration

Cross-Site Request Forgery (CSRF)

Related Identifiers

BDU:2025-00478
BIT-GITLAB-2024-8647
CVE-2024-8647

Affected Products

Gitlab