Overview
- Description: An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.
- Source: cve@gitlab.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Secondary
- Base score: 9.6
- Impact score: 5.8
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
- Severity: CRITICAL
Weaknesses
- cve@gitlab.com: CWE-306
Social media
- Hype score: Not currently trending
🔐 GitLab fixed critical flaw CVE-2024-9164. Update now to secure your CI/CD pipelines. #CyberSecurity #DevOps #GitLabUpdate https://t.co/YQDpQcS2Lq
@OffenseLogic
Have any more info on CVE-2024-9164 @gitlab ? Reference links are private/rotted/paywalled. https://t.co/aGVlD67pY4 Hope the fix is practical. Definitely running hella "arbitrary branch" pipelines daily. https://t.co/3MXiyV6Mrw
@ImpostorKeanu