CVE-2024-4612 MEDIUM

CVE-2024-4612: URL Redirection to Untrusted Site ('Open Redirect') in GitLab

Vendor GitLab
Product GitLab
Weakness CWE-601 · Open redirect
Published September 12, 2024
Last update September 13, 2024

CVSS base score

6.4/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

Description

An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.

Key dates

Disclosure timeline

September 12, 2024 CVE published
September 13, 2024 Record updated