CVE-2024-6446 Information

Description

An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application.

Reference

https://gitlab.com/gitlab-org/gitlab/-/issues/470144 https://hackerone.com/reports/2573481