- Description
- An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances.
- Source
- cve@gitlab.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- nvd@nist.gov
- NVD-CWE-noinfo
- cve@gitlab.com
- CWE-284
- Hype score
- Not currently trending
GitLab addresses critical security flaws in its latest patch, fixing vulnerabilities in import functionality and enhancing user control. Key CVEs include CVE-2024-5655 and CVE-2024-6385. 🔒🛡️ #GitLab #SecurityUpdate #USA #CybersecurityNews link: https://t.co/oLZgHtgFc9 https://
@TweetThreatNews
9 Jan 2025
35 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
GitLab has released updates addressing 14 security issues, including the critical CVE-2024-5655. Non-compliance could impact sales and contracts. Ensure your development environment is secure. 🚨 #Cybersecurity #AppSec https://t.co/gGXrZaszTJ
@AbhiSinghh965
29 Oct 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "553F7F98-3958-4433-A8A7-C15DECDCFCE6",
"versionEndExcluding": "16.11.5",
"versionStartIncluding": "15.8.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40968EC9-BB19-4A6F-8D6D-A4847FEF6167",
"versionEndExcluding": "16.11.5",
"versionStartIncluding": "15.8.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "541958DE-CB05-43D9-921B-4ADD2E436BF7",
"versionEndExcluding": "17.0.3",
"versionStartIncluding": "17.0.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C987EC42-A56B-462A-A0CE-7417CC0FD414",
"versionEndExcluding": "17.0.3",
"versionStartIncluding": "17.0.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2461A15-EA5F-43D1-B359-0F24713A713B"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9AA7835D-35E6-44D6-9194-2AC4C38961CE"
}
],
"operator": "OR"
}
]
}
]