Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2024-8311

HistorySep 12, 2024 - 7:15 p.m.

CVE-2024-8311

2024-09-1219:15:04

Debian Security Bug Tracker

security-tracker.debian.org

cve-2024-8311

gitlab ee

pipeline execution

variable overwrite

ci/cd template

unix

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

16.8%

JSON

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.

OSVersionArchitecturePackageVersionFilename
Debian999allgitlab< 16.8.4-1gitlab_16.8.4-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	gitlab	< 16.8.4-1	gitlab_16.8.4-1_all.deb

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

16.8%

JSON

Related for DEBIANCVE:CVE-2024-8311