GitLab 17.2.0

CPE Details

GitLab 17.2.0
gitlab
gitlab
17.2.0
2024-08-08
15h28 +00:00
2024-08-08
15h28 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:gitlab:gitlab:17.2.0:*:*:*:*:*:*:*

Informations

Vendor

gitlab

Product

gitlab

Version

17.2.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-45409 2024-09-10 18h50 +00:00 The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
10
Critique
CVE-2024-4207 2024-08-08 10h31 +00:00 A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances.
5.4
Moyen