CVE-2024-2177 MEDIUM

CVE-2024-2177: Improper Restriction of Rendered UI Layers or Frames in GitLab

Vendor Gitlab
Product GitLab
Weakness CWE-1021
Published July 9, 2024
Last update September 17, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload.

Key dates

02Disclosure timeline

July 9, 2024 CVE published
September 17, 2024 Record updated