CVE-2024-8647

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

Description

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled.

INFO

Published Date :

2024-12-12T12:02:54.888Z

Last Modified :

2024-12-12T15:44:19.905Z

Source :

GitLab

AFFECTED PRODUCTS

The following products are affected by CVE-2024-8647 vulnerability.

Vendors	Products
Gitlab	Gitlab

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8647.

URL	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/486051
https://hackerone.com/reports/2666341

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact