GitLab Anti-CSRF Token Leak Vulnerability
CVE-2024-8647
Currently unrated
Summary
A security issue exists in GitLab that affects a range of versions on instances where the Harbor integration feature is enabled. Under certain conditions, the anti-CSRF token can be inadvertently exposed to an external site. This token is what protects the web application against cross-site request forgery attacks, so its disclosure weakens that protection. The affected versions span from 15.2 to 17.4.6, and include 17.5 prior to version 17.5.4, and 17.6 before version 17.6.2. Organizations running self-hosted installations of GitLab should review their configurations, in particular whether the Harbor integration is enabled, and update to a fixed version to mitigate the risk.
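As an added defensive check, not part of this advisory or of GitLab's own tooling, the following Python encodes the affected ranges quoted in the summary and tests an instance's version string against them; the version-string format and the inclusive reading of "from 15.2 to 17.4.6" are assumptions, so confirm boundaries against the vendor advisory.

```python
"""Check a GitLab version string against the affected ranges listed above.

Added example; the range boundaries are transcribed from the summary, and the
reading of "from 15.2 to 17.4.6" as inclusive at both ends is an assumption.
"""
from typing import List, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH]' (an optional '-ee'/'-ce' suffix is ignored)."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


# (lower bound inclusive, upper bound, is the upper bound inclusive?)
AFFECTED_RANGES: List[Tuple[Version, Version, bool]] = [
    ((15, 2, 0), (17, 4, 6), True),   # "from 15.2 to 17.4.6" (inclusive reading assumed)
    ((17, 5, 0), (17, 5, 4), False),  # "17.5 prior to version 17.5.4"
    ((17, 6, 0), (17, 6, 2), False),  # "17.6 before version 17.6.2"
]


def in_affected_range(version: str) -> bool:
    """True when the version falls inside one of the ranges from the summary."""
    v = parse_version(version)
    for low, high, inclusive in AFFECTED_RANGES:
        if inclusive:
            hit = low <= v <= high
        else:
            hit = low <= v < high
        if hit:
            return True
    return False


def is_exposed(version: str, harbor_integration_enabled: bool) -> bool:
    """Combine the version check with the summary's scoping condition.

    The summary limits the issue to instances with the Harbor integration
    enabled; an affected version with the integration off is reported as not
    exposed, but updating is still the right fix.
    """
    return harbor_integration_enabled and in_affected_range(version)
```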
References
Timeline
Vulnerability published