{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-4597","assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","state":"PUBLISHED","assignerShortName":"GitLab","dateReserved":"2024-05-07T06:32:53.716Z","datePublished":"2024-05-09T01:38:11.850Z","dateUpdated":"2024-08-29T15:04:58.230Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"GitLab","repo":"git://git@gitlab.com:gitlab-org/gitlab.git","vendor":"GitLab","versions":[{"lessThan":"16.9.7","status":"affected","version":"16.7","versionType":"semver"},{"lessThan":"16.10.5","status":"affected","version":"16.10","versionType":"semver"},{"lessThan":"16.11.2","status":"affected","version":"16.11","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"This vulnerability was reported internally by a GitLab team member [joernchen](https://gitlab.com/joernchen)"}],"descriptions":[{"lang":"en","value":"An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.7,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-352","description":"CWE-352: Cross-Site Request Forgery (CSRF)","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab","dateUpdated":"2024-08-29T15:04:58.230Z"},"references":[{"name":"GitLab Issue #438686","tags":["issue-tracking","permissions-required"],"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/438686"}],"solutions":[{"lang":"en","value":"Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above."}],"title":"Cross-Site Request Forgery (CSRF) in GitLab"},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-12T19:33:41.245512Z","id":"CVE-2024-4597","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-17T19:47:03.571Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T20:47:41.257Z"},"title":"CVE Program Container","references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/438686","name":"GitLab Issue #438686","tags":["issue-tracking","permissions-required","x_transferred"]}]}]}}