← volver
CVE-2024-8635

Server-Side Request Forgery (SSRF) in GitLab

CVSS 7.7 HIGHEPSS 0.6%CWE-918
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.7EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
12 sep 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Productos afectados
GitLab · GitLab

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/https://gitlab.com/gitlab-org/gitlab/-/issues/455273