September 24, 2024
Severity
Medium
Analysis Summary
CVE-2024-4612 CVSS: 6.4
GitLab could allow a remote authenticated attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary websites.
CVE-2024-8641 CVSS: 6.7
GitLab could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a privilege context switching error. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain a GitLab session token belonging to the victim.
CVE-2024-8041 CVSS: 6.5
GitLab is vulnerable to a denial of service. By importing a specially crafted repository using the GitHub importer, an attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-6502 CVSS: 5.7
GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the GitLab web interface. By sending a specially crafted request, an attacker could exploit this vulnerability to create a branch with the same name as a deleted tag.
Impact
- Gain Access
- Privilege Escalation
- Denial of Service
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-4612
- CVE-2024-8641
- CVE-2024-8041
- CVE-2024-6502
Affected Vendors
- GitLab
Affected Products
- GitLab Community Edition - 17.1.5
- GitLab Community Edition - 17.2.3
- GitLab Enterprise Edition - 17.2.3
- GitLab Enterprise Edition - 17.3.0
- GitLab Enterprise Edition - 17.1.6
- GitLab Enterprise Edition - 17.2.4
- GitLab Enterprise Edition - 17.3.1
- GitLab - 17.1.0
Remediation
Refer to the GitLab website for patch, upgrade, or suggested workaround information.