CVE-2024-8635 | GitLab Enterprise Edition up to 17.1.6/17.2.4/17.3.1 Maven Dependency Proxy URL server-side request forgery (Issue 455273)

Inserito da Angelo Barbosa | Set 12, 2024 | CVE

A vulnerability was found in GitLab Enterprise Edition up to 17.1.6/17.2.4/17.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Maven Dependency Proxy URL Handler. The manipulation leads to server-side request forgery.

This vulnerability is handled as CVE-2024-8635. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-8635 | GitLab Enterprise Edition up to 17.1.6/17.2.4/17.3.1 Maven Dependency Proxy URL server-side request forgery (Issue 455273)

Post correlati

CVE-2024-22768 | Hitron DVR HVR-4781 up to 4.02 default credentials

CVE-2024-21476 | Qualcomm Snapdragon up to XR2+ Gen 1 Platform Channel ID memory corruption

CVE-2024-35060 | NASA AIT-Core 2.5.2 YAML Python Library Privilege Escalation

CVE-2024-6180 | EventON Plugin up to 2.2.15 on WordPress Setting authorization