CVE-2024-9164 Missing Authentication for Critical Function in GitLab

🗓️ 11 Oct 2024 11:30:42Reported by GitLabType

Issue in GitLab EE, CVE-2024-916

Reporter	Title	Published	Views	Family All 21
BDU FSTEC	The vulnerability of the Git-based software platform for collaborative code development on GitLab relates to access control errors. This allows a malicious actor to execute continuous integration and continuous delivery processes on arbitrary branches of the software.	14 Oct 202400:00	–	bdu_fstec
FreeBSD	Gitlab -- vulnerabilities	9 Oct 202400:00	–	freebsd
Circl	CVE-2024-9164	10 Oct 202409:20	–	circl
CNNVD	GitLab 安全漏洞	11 Oct 202400:00	–	cnnvd
CVE	CVE-2024-9164	11 Oct 202411:30	–	cve
Debian CVE	CVE-2024-9164	11 Oct 202411:30	–	debiancve
EUVD	EUVD-2024-49765	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- vulnerabilities (cc1ac01e-86b0-11ef-9369-2cf05da270f3)	10 Oct 202400:00	–	nessus
Tenable Nessus	GitLab 12.5 < 17.2.9 / 17.3 < 17.3.5 / 17.4 < 17.4.2 (CVE-2024-9164)	11 Oct 202400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-9164	27 Aug 202500:00	–	nessus

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "12.5",
        "status": "affected",
        "lessThan": "17.2.9",
        "versionType": "semver"
      },
      {
        "version": "17.3",
        "status": "affected",
        "lessThan": "17.3.5",
        "versionType": "semver"
      },
      {
        "version": "17.4",
        "status": "affected",
        "lessThan": "17.4.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
hackerone	www.hackerone.com/reports/2711204
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/493946

11 Oct 2024 11:30Current

CVSS 3.19.6

EPSS0.00911

CWE-306

gitlab ee cve-2024-9164 authentication pipelines branches