Lucene search
GitLabCVELIST:CVE-2024-8311HistorySep 12, 2024 - 6:27 p.m.
CVE-2024-8311 Improper Protection of Alternate Path in GitLab
2024-09-1218:27:24
CWE-424
GitLab
www.cve.org
4
cve-2024-8311
gitlab
pipeline execution
variable overwrite protection
ci/cd template
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
16.8%
An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.
CNA Affected
[
{
"vendor": "GitLab",
"product": "GitLab",
"repo": "git://[email protected]:gitlab-org/gitlab.git",
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "17.2",
"status": "affected",
"lessThan": "17.2.5",
"versionType": "semver"
},
{
"version": "17.3",
"status": "affected",
"lessThan": "17.3.2",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
osv
osv
BIT-gitlab-2024-8311
2024-09-14 07:06:34
nvd
nvd
CVE-2024-8311
2024-09-12 19:15:04
vulnrichment
vulnrichment
CVE-2024-8311 Improper Protection of Alternate Path in GitLab
2024-09-12 18:27:24
nessus
nessus
GitLab 17.2 < 17.2.5 / 17.3 < 17.3.2 (CVE-2024-8311)
2024-09-12 00:00:00
FreeBSD : Gitlab -- vulnerabilities (bcc8b21e-7122-11ef-bece-2cf05da270f3)
2024-09-13 00:00:00
cve
cve
CVE-2024-8311
2024-09-12 19:15:04
debiancve
debiancve
CVE-2024-8311
2024-09-12 19:15:04
freebsd
freebsd
Gitlab -- vulnerabilities
2024-09-11 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
16.8%
Related for CVELIST:CVE-2024-8311