CVE-2024-8311

EPSS 0.04%
Veröffentlicht 12.09.2024 19:15:04
Zuletzt bearbeitet 21.11.2024 09:53:01
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ Gitlab SwEditionenterprise Version >= 17.2.0 < 17.2.5

Gitlab ≫ Gitlab SwEditionenterprise Version >= 17.3.0 < 17.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.132

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
cve@gitlab.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-424 Improper Protection of Alternate Path

The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.

https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/

https://gitlab.com/gitlab-org/gitlab/-/issues/479315

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2024-8311

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8311

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8311

EUVD