CVE-2024-8977

🗓️ 10 Oct 2024 10:02:10Reported by GitLabType

Security issue in GitLab EE versions 15.10 to 17.4.

Reporter	Title	Published	Views	Family All 16
FreeBSD	Gitlab -- vulnerabilities	9 Oct 202400:00	–	freebsd
Circl	CVE-2024-8977	10 Oct 202413:24	–	circl
CNNVD	GitLab Enterprise Edition 安全漏洞	10 Oct 202400:00	–	cnnvd
Cvelist	CVE-2024-8977 Server-Side Request Forgery (SSRF) in GitLab	10 Oct 202410:02	–	cvelist
Debian CVE	CVE-2024-8977	10 Oct 202410:02	–	debiancve
EUVD	EUVD-2024-49517	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- vulnerabilities (cc1ac01e-86b0-11ef-9369-2cf05da270f3)	10 Oct 202400:00	–	nessus
Tenable Nessus	GitLab 15.10 < 17.2.9 / 17.3 < 17.3.5 / 17.4 < 17.4.2 (CVE-2024-8977)	10 Oct 202400:00	–	nessus
NCSC	Vulnerabilities fixed in Gitlab Enterprise Edition and Community Edition	11 Oct 202408:23	–	ncsc
NVD	CVE-2024-8977	10 Oct 202410:15	–	nvd

NVD

Vulners

Node

gitlab gitlabRange15.10–17.2.9enterprise

gitlab gitlabRange17.3.0–17.3.5enterprise

gitlab gitlabRange17.4.0–17.4.2enterprise

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "15.10",
        "status": "affected",
        "lessThan": "17.2.9",
        "versionType": "semver"
      },
      {
        "version": "17.3",
        "status": "affected",
        "lessThan": "17.3.5",
        "versionType": "semver"
      },
      {
        "version": "17.4",
        "status": "affected",
        "lessThan": "17.4.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/491060
hackerone	www.hackerone.com/reports/2697456

16 Oct 2024 17:10Current

7.8High risk

Vulners AI Score7.8

CVSS 3.18.1 - 8.2

EPSS0.00063

SSVC

CWE-918