An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow.

Related CVEs

CVE-2024-7404

Key Information

GHSA ID

GHSA-f7c4-9mmj-8w4v

Published

November 14, 2024 3:32 PM

Last Modified

November 14, 2024 3:32 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 1, 2025 6:44 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.