CVE-2024-8647

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-8647

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8647.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-8647

Aliases

BIT-gitlab-2024-8647

Downstream

UBUNTU-CVE-2024-8647

Related

CGA-3g7r-gx2x-26w9

Published

2024-12-12T12:15:28Z

Modified

2025-07-12T05:51:20Z

Summary

[none]

Details

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

d836c22d87f6f0397b93cc72ce3af27a6dc02d93

Fixed

25a55583bbcf724ad625848d48a529467e7c7097