CVE-2024-0231

Published Jul 24, 2024

Last updated 2 months ago

CVSS low 2.7

Overview

Description: A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.
Source: cve@gitlab.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 2.7
Impact score: 1.4
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Severity: LOW

Weaknesses

nvd@nist.gov: CWE-74
cve@gitlab.com: CWE-99

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C8628A0-047F-4108-B908-7DA6EFA1A918",
            "versionEndExcluding": "17.0.5",
            "versionStartIncluding": "12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33DF53D1-A375-445D-A2FE-0098DF44B66F",
            "versionEndExcluding": "17.0.5",
            "versionStartIncluding": "12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E68B5BB3-0D86-4D3C-98A2-5717B267C2E3",
            "versionEndExcluding": "17.1.3",
            "versionStartIncluding": "17.1.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D50D43C6-72E7-4FE7-91E3-87ED5A2934A3",
            "versionEndExcluding": "17.1.3",
            "versionStartIncluding": "17.1.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:17.2.0:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0E770CB-C97B-4D0D-8D87-9B3D422CB73D"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:17.2.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "284FD63C-6480-41AE-AAA0-17A9879DB44B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References