Medium severity5.7NVD Advisory· Published May 14, 2024· Updated Jun 17, 2026
CVE-2024-4597
CVE-2024-4597
Description
An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF.
Affected products
4cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 16.7
- (no CPE)range: from 16.7 before 16.9.7, from 16.10 before 16.10.5, from 16.11 before 16.11.2
- Range: from 16.7 before 16.9.7, from 16.10 before 16.10.5, from 16.11 before 16.11.2
Patches
Vulnerability mechanics
References
1- gitlab.com/gitlab-org/gitlab/-/issues/438686nvdBroken Link
News mentions
1- GitLab Patch Release: 16.11.2, 16.10.5, 16.9.7GitLab Security Releases · May 8, 2024