CVE-2024-4597

{"id": "CVE-2024-4597", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2024-05-14T15:44:10.553", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438686", "source": "cve@gitlab.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde 16.7 anteriores a 16.9.7, todas las versiones desde 16.10 anteriores a 16.10.5, todas las versiones desde 16.11 anteriores a 16.11.2. Un atacante podr\u00eda obligar a un usuario con una sesi\u00f3n SAML activa a aprobar un MR a trav\u00e9s de CSRF."}], "lastModified": "2024-05-14T16:11:39.510", "sourceIdentifier": "cve@gitlab.com"}