CVE-2024-4994

High CVSS 8.1

Overview

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations.

CWE: CWE-352 Published: 2025-06-20T19:15:35.460

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.1 (HIGH)
Detected tags: csrf (tag impact: MODERATE)

Recommended actions:

CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.

Overview

Recommended tools

Tags