GitLab 17.2.1

CPE Details

GitLab 17.2.1
gitlab
gitlab
17.2.1
2024-08-08
15h28 +00:00
2024-08-08
15h28 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gitlab:gitlab:17.2.1:*:*:*:*:*:*:*

Informations

Vendor

gitlab

Product

gitlab

Version

17.2.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-45409 2024-09-10 18h50 +00:00 The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
10
Critical
CVE-2024-4207 2024-08-08 10h31 +00:00 A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances.
5.4
Medium