admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-42xx/CVE-2024-4283.json
cad-safe-bot 79e405279c Auto-Update: 2024-09-24T18:00:19.500737+00:00
2024-09-24 18:03:17 +00:00

133 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-4283",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-16T22:15:20.650",
"lastModified": "2024-09-24T16:51:23.193",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab EE que afecta a todas las versiones a partir de la 11.1 anterior a la 17.1.7, la 17.2 anterior a la 17.2.5 y la 17.3 anterior a la 17.3.2. En determinadas condiciones, una vulnerabilidad de redirecci\u00f3n abierta podr\u00eda permitir la apropiaci\u00f3n de una cuenta interrumpiendo el flujo de OAuth."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "11.1.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "8D6519A2-EF66-4695-8CF6-420A17212C8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "1F428DA1-FB1C-4B14-A1E1-65177E7F4B10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "145E52CC-F503-446E-A760-1C01753DA938"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458502",
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2474286",
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink