CVE-2024-8647
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.4EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
12 dic 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Productos afectados
GitLab · GitLab¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →