CVE-2024-2177

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.3 through 16.11.4 GitLab CE/EE versions 17.0 through 17.0.2 GitLab CE/EE versions 17.1 through 17.1.0

Description: A Cross Window Forgery issue exists within GitLab CE/EE due to an incorrect restriction of visualizable layers in the user interface. This allows an attacker to abuse the OAuth authentication flow via a crafted payload, potentially leading to unauthorized actions.

Recommendations: For versions 16.3 through 16.11.4, update to version 16.11.5 or later. For versions 17.0 through 17.0.2, update to version 17.0.3 or later. For versions 17.1 through 17.1.0, update to version 17.1.1 or later. As a temporary workaround, consider restricting access to the OAuth authentication flow until a patch is available.