CVE-2024-4597
Cross-Site Request Forgery (CSRF) in GitLab
6.5
MEDIUM
CVSS 3.1
EPSS 0.02%
Description
An issue has been discovered in GitLab EE affecting all versions starting from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, and all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve a merge request (MR) via CSRF.
How to fix CVE-2024-4597
To remediate CVE-2024-4597, upgrade the affected package to a fixed version below.
- upgrade to 16.9.7 or later (for the 16.10 and 16.11 release branches, the fixed releases named in the description are 16.10.5 and 16.11.2)
Is CVE-2024-4597 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 16.7.0, < 16.9.7, >= 16.10.0, < 16.10.5, >= 16.11.0, < 16.11.2
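The three affected ranges above map each release branch to its own fixed release, so an upgrade target depends on the branch an instance is on. The following added example (written for this page, not code from GitLab or the advisory source) checks a GitLab EE version string against the ranges listed here and returns the fixed release for its branch; the function names are assumptions.

```python
# Added example: is a given GitLab EE version inside the CVE-2024-4597
# affected ranges, and which release fixes it? Ranges are the ones
# published on this page; function and constant names are our own.
from typing import Optional, Tuple

Version = Tuple[int, ...]

# (first affected, first fixed) per release branch, as listed in the advisory.
AFFECTED_RANGES = [
    ((16, 7, 0), (16, 9, 7)),
    ((16, 10, 0), (16, 10, 5)),
    ((16, 11, 0), (16, 11, 2)),
]


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH]' into a comparable tuple; a missing patch is 0."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))


def fixed_version_for(version: str) -> Optional[str]:
    """Return the release to upgrade to, or None if the version is not affected."""
    v = parse_version(version)
    for first_affected, first_fixed in AFFECTED_RANGES:
        # Half-open interval: the fixed release itself is not affected.
        if first_affected <= v < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


if __name__ == "__main__":
    # Constructed sample versions covering each branch boundary.
    for v in ("16.6.9", "16.7", "16.9.7", "16.10.4", "16.11.1", "17.0.0"):
        target = fixed_version_for(v)
        print(v, "->", f"affected, upgrade to {target}" if target else "not affected")
```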
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |