VYPR
Medium severity5.7NVD Advisory· Published May 14, 2024· Updated Jun 17, 2026

CVE-2024-4597

CVE-2024-4597

Description

An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF.

Affected products

4
  • GitLab Inc./GitLabv52 versions
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 16.7
    • (no CPE)range: from 16.7 before 16.9.7, from 16.10 before 16.10.5, from 16.11 before 16.11.2
  • Range: from 16.7 before 16.9.7, from 16.10 before 16.10.5, from 16.11 before 16.11.2
  • osv-coords
    Range: >= 16.7.0, < 16.9.7

Patches

Vulnerability mechanics

References

1

News mentions

1