An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.
2024-12-12T12:15:28.727
2025-07-11T20:35:26.107
Analyzed
CVSSv3.1: 6.4 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | gitlab | gitlab | < 17.4.6 | Yes |
Application | gitlab | gitlab | < 17.4.6 | Yes |
Application | gitlab | gitlab | < 17.5.4 | Yes |
Application | gitlab | gitlab | < 17.5.4 | Yes |
Application | gitlab | gitlab | < 17.6.2 | Yes |
Application | gitlab | gitlab | < 17.6.2 | Yes |