CVE-2024-1211 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2024-1211

Analyzed

More Info Official Page

Source-cve@gitlab.com

Published At-31 Jan, 2025 | 00:15

Updated At-05 Aug, 2025 | 20:57

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.4	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CPE Matches

>>gitlab>>Versions from 10.6.0(inclusive) to 16.9.7(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

>>gitlab>>Versions from 10.6.0(inclusive) to 16.9.7(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

>>gitlab>>Versions from 16.10.0(inclusive) to 16.10.5(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

>>gitlab>>Versions from 16.10.0(inclusive) to 16.10.5(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

>>gitlab>>Versions from 16.11.0(inclusive) to 16.11.2(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

>>gitlab>>Versions from 16.11.0(inclusive) to 16.11.2(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-352	Primary	cve@gitlab.com

References

Hyperlink	Source	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/440313	cve@gitlab.com	Broken Link
https://hackerone.com/reports/2323594	cve@gitlab.com	Permissions Required