Lucene search
HistorySep 12, 2024 - 7:15 p.m.
CVE-2024-8311
gitlab ee
pipeline execution
variable overwrite
ci/cd template
security issue
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
16.8%
An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.
Affected configurations
Node
gitlabgitlabRange17.2.0–17.2.5enterprise
ORgitlabgitlabRange17.3.0–17.3.2enterprise
Related
osv
osv
BIT-gitlab-2024-8311
2024-09-14 07:06:34
vulnrichment
vulnrichment
CVE-2024-8311 Improper Protection of Alternate Path in GitLab
2024-09-12 18:27:24
nessus
nessus
GitLab 17.2 < 17.2.5 / 17.3 < 17.3.2 (CVE-2024-8311)
2024-09-12 00:00:00
FreeBSD : Gitlab -- vulnerabilities (bcc8b21e-7122-11ef-bece-2cf05da270f3)
2024-09-13 00:00:00
cvelist
cvelist
CVE-2024-8311 Improper Protection of Alternate Path in GitLab
2024-09-12 18:27:24
cve
cve
CVE-2024-8311
2024-09-12 19:15:04
debiancve
debiancve
CVE-2024-8311
2024-09-12 19:15:04
freebsd
freebsd
Gitlab -- vulnerabilities
2024-09-11 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
16.8%
Related for NVD:CVE-2024-8311