{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T05:49:15.793","vulnerabilities":[{"cve":{"id":"CVE-2024-8647","sourceIdentifier":"cve@gitlab.com","published":"2024-12-12T12:15:28.297","lastModified":"2025-07-11T19:31:04.157","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled."},{"lang":"es","value":"Se descubriĆ³ un problema en GitLab que afectaba a todas las versiones desde la 15.2 hasta la 17.4.6, desde la 17.5 hasta la 17.5.4 y desde la 17.6 hasta la 17.6.2. En las instalaciones alojadas en servidores propios, era posible filtrar el token anti-CSRF a un sitio externo mientras la integraciĆ³n de Harbor estaba habilitada."}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"15.2.0","versionEndExcluding":"17.4.6","matchCriteriaId":"AB8DCBC1-255B-4D24-9875-F901BE788DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndExcluding":"17.5.4","matchCriteriaId":"F97D9F30-A47B-4288-8B5C-28990A4F822F"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"17.6.0","versionEndExcluding":"17.6.2","matchCriteriaId":"EFBA60E5-4212-459C-A79E-D676F02233B4"}]}]}],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/486051","source":"cve@gitlab.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://hackerone.com/reports/2666341","source":"cve@gitlab.com","tags":["Permissions Required"]}]}}]}