CVE-2024-8311

EPSS 0.13%
Published 12.09.2024 19:15:04
Last modified 21.11.2024 09:53:01
Source cve@gitlab.com
Teams watchlist Login
Open Login

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Gitlab ≫ Gitlab SwEditionenterprise Version >= 17.2.0 < 17.2.5

Gitlab ≫ Gitlab SwEditionenterprise Version >= 17.3.0 < 17.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.327

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
cve@gitlab.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-424 Improper Protection of Alternate Path

The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.

https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/

https://gitlab.com/gitlab-org/gitlab/-/issues/479315

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2024-8311

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8311

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8311

EUVD