CVE-2024-6446
LOWDescription
An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| gitlab | gitlab |
| gitlab | gitlab |
| gitlab | gitlab |
| gitlab | gitlab |
| gitlab | gitlab |
| gitlab | gitlab |
References
Frequently Asked Questions
What is CVE-2024-6446? +
How severe is CVE-2024-6446? +
What products are affected by CVE-2024-6446? +
How do I check if I'm vulnerable to CVE-2024-6446? +
Related Vulnerabilities
Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity.
An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading …
Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
EXTRA_REFERRER resource read vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Status verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.