CVE-2024-2434

Published: Apr 25, 2024Modified: Dec 12, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 16.10.0 to 16.10.4
Gitlab Gitlab	From 16.9.0 to 16.9.6
Gitlab Gitlab	From 16.10.0 to 16.10.4
Gitlab Gitlab	From 16.9.0 to 16.9.6
Gitlab Gitlab	Version 16.11.0
Gitlab Gitlab	Version 16.11.0

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

https://gitlab.com/gitlab-org/gitlab/-/issues/450303

Source: cve@gitlab.com

ExploitIssue Tracking

https://hackerone.com/reports/2401952

Source: cve@gitlab.com

Permissions Required

https://gitlab.com/gitlab-org/gitlab/-/issues/450303

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://hackerone.com/reports/2401952

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.