CVE-2024-9164

Published: Oct 11, 2024Modified: Dec 13, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 12.5.0 to 17.2.9
Gitlab Gitlab	From 17.3.0 to 17.3.5
Gitlab Gitlab	From 17.4.0 to 17.4.2
Gitlab Gitlab	From 12.5.0 to 17.2.9
Gitlab Gitlab	From 17.3.0 to 17.3.5
Gitlab Gitlab	From 17.4.0 to 17.4.2

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/493946

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/2711204

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.