CVE-2024-2177

Medium · Public PoC

Published: 09 July 2024

Modified: 12 December 2024
CVSS Score v3.1: 6.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
EPSS Score: 0.0011 (28.6th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-2177 is a medium-severity Improper Restriction of Rendered UI Layers or Frames (CWE-1021) vulnerability in GitLab. Its CVSS base score is 6.8 (Medium).

Operationally, it is ranked at the 28.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows an attacker to abuse the OAuth authentication flow via a crafted payload.

Related Threats

No named threat actor has been attributed yet. ATT&CK technique mapping for this CVE is in progress.

Affected Assets

gitlab / gitlab
Versions: 17.1.0 · 16.3.0 to 16.11.5 · 17.0.0 to 17.0.3

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.