Home > Vulnerability Database > CVE-2024-11274

Mend.io Vulnerability Database

CVE-2024-11274

Date: December 12, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.

Language: Ruby

Severity Score

8.7

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-11274

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/504707

Url: https://hackerone.com/reports/2813673

Url: https://www.mend.io/vulnerability-database/CVE-2024-11274

Severity Score

8.7

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

CVSS v3.1

Base Score:	8.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-11274

Date: December 12, 2024

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?