Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2024-2177

A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload.

  • Published: Jul 9, 2024
  • Updated: May 4, 2025
  • CVE: CVE-2024-2177
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWEs:

Software From Fixed in
gitlab / gitlab 17.1.0 17.1.0.x
gitlab / gitlab 17.0.0 17.0.3
gitlab / gitlab 16.3.0 16.11.5