CVE-2024-4597

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-4597
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4597.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-4597
Aliases
Published
2024-05-09T01:38:11.850Z
Modified
2025-11-20T13:12:16.435814Z
Severity
  • 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Cross-Site Request Forgery (CSRF) in GitLab
Details

An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF.

Database specific 
{
    "cwe_ids": [
        "CWE-352"
    ]
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
9e7d34f7ff11405ece06ec398b66965d153cee6f
Fixed
6878f253b7b50c8e6217ebfd03717b5e5ea960a4
Database specific 
{
    "versions": [
        {
            "introduced": "16.7"
        },
        {
            "fixed": "16.9.7"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
053df647320e7cac5c255f9e07264a0c35548409
Fixed
f5974fc8f24e7033135f5b0d4f77b68886b2e298
Database specific 
{
    "versions": [
        {
            "introduced": "16.10"
        },
        {
            "fixed": "16.10.5"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
22834294718a25956b0a859c8eed72248300eeee
Fixed
d210b947e3e51eebcbb24a9152f5c68f7e2b1d58
Database specific 
{
    "versions": [
        {
            "introduced": "16.11"
        },
        {
            "fixed": "16.11.2"
        }
    ]
}

Affected versions

v16.*

v16.10.0-ee
v16.10.1-ee
v16.10.2-ee
v16.10.3-ee
v16.10.4-ee
v16.11.0-ee
v16.11.1-ee