CVE-2024-9183 Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab

🗓️ 05 Dec 2025 16:34:00Reported by GitLabType

GitLab time of check time of use race could allow an authenticated user to access higher privilege credentials and is remediated.

Reporter	Title	Published	Views	Family All 15
FreeBSD	Gitlab -- vulnerabilities	26 Nov 202500:00	–	freebsd
Circl	CVE-2024-9183	27 Nov 202514:45	–	circl
CNNVD	GitLab 安全漏洞	5 Dec 202500:00	–	cnnvd
CVE	CVE-2024-9183	5 Dec 202516:34	–	cve
Debian CVE	CVE-2024-9183	5 Dec 202516:34	–	debiancve
EUVD	EUVD-2024-55303	5 Dec 202516:34	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- vulnerabilities (4530fc9f-cb47-11f0-85d8-2cf05da270f3)	3 Dec 202500:00	–	nessus
NCSC	Vulnerabilities fixed in GitLab	27 Nov 202513:35	–	ncsc
NVD	CVE-2024-9183	5 Dec 202517:16	–	nvd
OSV	BIT-GITLAB-2024-9183 Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab	9 Dec 202512:02	–	osv

[
  {
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "vendor": "GitLab",
    "versions": [
      {
        "lessThan": "18.4.5",
        "status": "affected",
        "version": "18.4",
        "versionType": "semver"
      },
      {
        "lessThan": "18.5.3",
        "status": "affected",
        "version": "18.5",
        "versionType": "semver"
      },
      {
        "lessThan": "18.6.1",
        "status": "affected",
        "version": "18.6",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/2707421
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/494478
about	www.about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/

10 Dec 2025 04:48Current

CVSS 3.17.7

EPSS0.00008

CWE-367