Home > Vulnerability Database > CVE-2024-8647

Mend.io Vulnerability Database

CVE-2024-8647

Date: December 12, 2024

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled.

Language: Ruby

Severity Score

5.4

Related Resources (4)

Url: https://hackerone.com/reports/2666341

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/486051

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8647

Url: https://www.mend.io/vulnerability-database/CVE-2024-8647

Severity Score

5.4

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8647

Date: December 12, 2024

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?