admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-86xx/CVE-2024-8647.json
cad-safe-bot 5fc0b01395 Auto-Update: 2024-12-15T03:00:19.262894+00:00
2024-12-15 03:03:56 +00:00

64 lines
2.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-8647",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-12-12T12:15:28.297",
"lastModified": "2024-12-12T12:15:28.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab que afectaba a todas las versiones desde la 15.2 hasta la 17.4.6, desde la 17.5 hasta la 17.5.4 y desde la 17.6 hasta la 17.6.2. En las instalaciones alojadas en servidores propios, era posible filtrar el token anti-CSRF a un sitio externo mientras la integraci\u00f3n de Harbor estaba habilitada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/486051",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2666341",
"source": "cve@gitlab.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink