CVE-2024-4597

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-4597

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4597.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-4597

Aliases

BIT-gitlab-2024-4597

Published

2024-05-14T15:44:10Z

Modified

2024-05-29T20:13:28Z

Summary

[none]

Details

An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/438686

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

9e7d34f7ff11405ece06ec398b66965d153cee6f

Fixed

6878f253b7b50c8e6217ebfd03717b5e5ea960a4