CVE-2024-4994

Summary

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab16.1 < 16.11.5affected
GitLabGitLab17.0.0 < 17.0.3affected
GitLabGitLab17.1.0 < 17.1.1affected

Weaknesses

  • CWE-352: CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References