CVE-2024-9163

Published: May 23, 2025Modified: Aug 8, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 12.1.0 to 17.10.7
Gitlab Gitlab	From 17.11.0 to 17.11.3
Gitlab Gitlab	From 12.1.0 to 17.10.7
Gitlab Gitlab	From 17.11.0 to 17.11.3
Gitlab Gitlab	Version 18.0.0
Gitlab Gitlab	Version 18.0.0

Related CWEs

CWE-451

User Interface (UI) Misrepresentation of Critical Information

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/493942

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/2705566

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.