Cyber Posture

CVE-2024-1211

Medium

Published: 31 January 2025
Modified: 05 August 2025
CVSS Score: 6.4 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N)
EPSS Score: 0.0003 (7.3rd percentile)
Risk Priority: 13 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-1211 is a medium-severity cross-site request forgery (CSRF, CWE-352) vulnerability in GitLab (vendor: GitLab). Its CVSS v3.1 base score is 6.4 (Medium).

Operationally, its EPSS score ranks at the 7.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent (SC-23, Session Authenticity): Directly protects communication session authenticity using mechanisms such as anti-CSRF tokens, preventing forged requests against GitLab's JWT OmniAuth configuration.

Prevent (SI-10, Information Input Validation): Validates information inputs, including CSRF tokens or Origin headers, blocking unauthorized state-changing requests that exploit the vulnerability.

Prevent (SI-2, Flaw Remediation): Requires timely identification, reporting, and correction of flaws like this CSRF vulnerability by patching to fixed GitLab versions.

NVD Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.

Deeper analysis

CVE-2024-1211 is a cross-site request forgery (CSRF) vulnerability, mapped to CWE-352, discovered in GitLab Community Edition (CE) and Enterprise Edition (EE). It affects all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2, but only on GitLab instances configured to use JWT as an OmniAuth provider. The vulnerability carries a CVSS v3.1 base score of 6.4 (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

Exploitation requires network access and low privileges from the attacker, combined with high attack complexity and user interaction, such as tricking an authenticated user into performing a malicious request. A successful attack enables the attacker to act on behalf of the victim, potentially compromising high levels of confidentiality and integrity without affecting availability.

Mitigation is achieved by upgrading to patched versions: 16.9.7, 16.10.5, or 16.11.2. Additional details on the issue and resolution are documented in the GitLab issue tracker at https://gitlab.com/gitlab-org/gitlab/-/issues/440313 and the corresponding HackerOne report at https://hackerone.com/reports/2323594.

Details

CWE(s): CWE-352 (Cross-Site Request Forgery)

Affected Products

GitLab (vendor: gitlab, product: gitlab): 10.6.0 to 16.9.7; 16.10.0 to 16.10.5

CVEs Like This One

CVE-2026-3857 (same product: GitLab)
CVE-2026-4922 (same product: GitLab)
CVE-2026-1092 (same product: GitLab)
CVE-2025-12664 (same product: GitLab)
CVE-2026-3988 (same product: GitLab)
CVE-2025-14513 (same product: GitLab)
CVE-2024-9870 (same product: GitLab)
CVE-2025-7659 (same product: GitLab)
CVE-2026-1724 (same product: GitLab)
CVE-2025-2242 (same product: GitLab)
