CVE-2024-9387

Published: Dec 12, 2024Modified: Jul 11, 2025

6.4

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

Exploitability: 1.2 / Impact: 5.2

Source: cve@gitlab.com (Secondary)

Description

An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 11.8.0 to 17.4.6
Gitlab Gitlab	From 17.5.0 to 17.5.4
Gitlab Gitlab	From 17.6.0 to 17.6.2
Gitlab Gitlab	From 11.8.0 to 17.4.6
Gitlab Gitlab	From 17.5.0 to 17.5.4
Gitlab Gitlab	From 17.6.0 to 17.6.2

Related CWEs

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/496659

Source: cve@gitlab.com

ExploitIssue TrackingVendor Advisory

https://hackerone.com/reports/2732235

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.