CVE-2024-11931

Published Jan 24, 2025

Last updated 22 days ago

CVSS medium 6.4

Overview

Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint.
Source: cve@gitlab.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.4
Impact score: 2.7
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

cve@gitlab.com: CWE-1220

Hype score: Not currently trending

به تازگی برای GITLAB سه آسیب پذیری با کدهای شناسایی CVE-2025-0314 از نوع xss و CVE-2024-11931 و CVE-2024-6324 که از نوع DOS می باشد ، منتشر شده است. برای پیشگیری و مقابله با این تهدیدات ، به نسخه 17.6.4 یا 17.7.3 به روز رسانی نمایید. https://t.co/Poz3aKY03t https://t.co/wjUdarPR
@AmirHossein_sec
30 Jan 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References