PT-2024-6545 · Gitlab · Gitlab Ce/Ee+1

Published

2024-09-16

·

Updated

2024-09-24

·

CVE-2024-4283

CVSS v2.0

6.6

Medium

Vector AV:N/AC:H/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.1 up to but not including 17.1.7; GitLab CE/EE versions 17.2 up to but not including 17.2.5; GitLab CE/EE versions 17.3 up to but not including 17.3.2
Description: An open redirect vulnerability could allow a remote attacker to take over a user's account by breaking the OAuth flow. Exploitation requires certain conditions to hold.
Recommendations: For GitLab CE/EE versions 11.1 up to but not including 17.1.7, update to version 17.1.7 or later. For versions 17.2 up to but not including 17.2.5, update to version 17.2.5 or later. For versions 17.3 up to but not including 17.3.2, update to version 17.3.2 or later.
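The open-redirect-in-OAuth pattern the description refers to, as an added illustrative example in Ruby (GitLab's implementation language). This is not GitLab's code and does not reproduce the specific GitLab defect; it contrasts a loose redirect-target check, of the kind that lets an authorization response be steered to an attacker-controlled host, with an exact-match check against registered redirect URIs. The registered callback URI, the hostnames and the function names are assumptions made for the example.

```ruby
require "uri"

# Added illustrative example, not GitLab's code. The trusted origin and the
# registered redirect URI are assumptions for the example.
TRUSTED_ORIGIN = "https://app.example.com".freeze
REGISTERED_REDIRECT_URIS = ["#{TRUSTED_ORIGIN}/oauth/callback"].freeze

# Weak validator: a prefix test on the raw string. Attacker-controlled
# hosts can be made to start with the trusted origin, so this is bypassable.
def weak_redirect_ok?(candidate)
  candidate.start_with?(TRUSTED_ORIGIN)
end

# Canonical form of an absolute https URL, or nil if it is not one we would
# ever redirect to: relative and protocol-relative targets, non-https
# schemes, userinfo ("trusted.host@evil") and fragments are rejected outright.
def canonical_redirect(candidate)
  uri = URI.parse(candidate)
  return nil unless uri.is_a?(URI::HTTPS)
  return nil if uri.userinfo || uri.fragment
  host = uri.host.to_s.downcase
  port = uri.port == 443 ? "" : ":#{uri.port}"
  query = uri.query ? "?#{uri.query}" : ""
  "https://#{host}#{port}#{uri.path}#{query}"
rescue URI::InvalidURIError
  nil
end

# Strict validator: exact match against the registered redirect URIs, the
# comparison RFC 6749 section 3.1.2.2 and RFC 8252 section 7.3 call for.
# No prefix or substring logic, so lookalike hosts cannot pass.
def strict_redirect_ok?(candidate)
  canonical = canonical_redirect(candidate)
  !canonical.nil? && REGISTERED_REDIRECT_URIS.include?(canonical)
end

# Constructed probe set: the first is the legitimate callback, the rest are
# shapes an attacker would try in order to receive the authorization response.
PROBES = [
  "https://app.example.com/oauth/callback",
  "https://app.example.com.attacker.example/oauth/callback",             # lookalike subdomain
  "https://app.example.com@attacker.example/oauth/callback",             # userinfo trick
  "https://app.example.com/oauth/callback/../../evil",                   # traversal inside path
  "//attacker.example/oauth/callback",                                   # protocol-relative
  "https://app.example.com/oauth/callback?next=https://attacker.example" # extra query
].freeze

# Returns { probe => [weak verdict, strict verdict] } so the two checks can
# be compared side by side.
def compare_validators(probes = PROBES)
  probes.to_h { |p| [p, [weak_redirect_ok?(p), strict_redirect_ok?(p)]] }
end

if __FILE__ == $PROGRAM_NAME
  compare_validators.each do |probe, (weak, strict)|
    puts format("weak=%-5s strict=%-5s %s", weak, strict, probe)
  end
end
```

The weak check accepts five of the six probes; the strict check accepts only the registered callback. Exact matching is deliberately unforgiving (a trailing slash or an added query parameter is rejected), which is the right trade-off for an OAuth redirect target: the server appends its own parameters to the registered URI, so a client has no legitimate reason to send a variant.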

Weakness Enumeration

Open Redirect

Related Identifiers

BDU:2024-07689
BIT-GITLAB-2024-4283
CVE-2024-4283

Affected Products

Gitlab
Gitlab Ce/Ee