216.73.217.64

CVE-2024-8635

· Published 12/09/2024 17:15 · Modified 14/09/2024 15:24

Labels: CVE-2024-8635 2024-09-12CVE-2024-8635CWE-918[email protected]

Essential information

Published
12/09/2024 17:15
Modified
14/09/2024 15:24
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
gitlab / gitlab cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
gitlab / gitlab cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
gitlab / gitlab cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
gitlab / gitlab cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
gitlab / gitlab cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
gitlab / gitlab cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

References