VYPR
Unrated severityNVD Advisory· Published Dec 12, 2024· Updated Dec 12, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

CVE-2024-8647

Description

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10

Patches

Vulnerability mechanics

References

2

News mentions

1