CVE-2024-8647

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled.

Related Vulnerabilities

CVE-2018-14654

MEDIUM
CVSS:5.4(Medium)

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_...

CWE-222018

CVE-2019-14362

MEDIUM
CVSS:5.4(Medium)

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewA...

CWE-222019

CVE-2019-5936

MEDIUM
CVSS:5.4(Medium)

Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.

CWE-222019

CVE-2020-15941

MEDIUM
CVSS:5.4(Medium)

A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete ...

CWE-222020

CVE-2020-4209

MEDIUM
CVSS:5.4(Medium)

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc...

CWE-222020

CVE-2021-25367

MEDIUM
CVSS:5.4(Medium)

Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.

CWE-222021