A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:53
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.7 |
References |
|
14 Sep 2024, 15:24
Type | Values Removed | Values Added |
---|---|---|
First Time |
Gitlab gitlab
Gitlab |
|
Summary |
|
|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/455273 - Broken Link | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* |
12 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-12 17:15
Updated : 2024-11-21 09:53
NVD link : CVE-2024-8635
Mitre link : CVE-2024-8635
CVE.ORG link : CVE-2024-8635
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-918
Server-Side Request Forgery (SSRF)