Lucene search
Ubuntu.comUB:CVE-2024-7110HistoryAug 22, 2024 - 12:00 a.m.
CVE-2024-7110
2024-08-2200:00:00
ubuntu.com
ubuntu.com
2
gitlab ee
arbitrary command execution
prompt injection
security issue
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
AI Score
7.9
Confidence
Low
EPSS
0.001
Percentile
30.4%
An issue was discovered in GitLab EE affecting all versions starting 17.0
to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an
attacker to execute arbitrary command in a victim’s pipeline through prompt
injection.
Notes
| Author | Note |
|---|---|
| mdeslaur | GitLab isn’t maintainable as a distro package, and was removed from Ubuntu because of this. We will not be fixing security issues in the gitlab package in Xenial. |
Related
osv
osv
BIT-gitlab-2024-7110
2024-08-26 08:28:53
CVE-2024-7110
2024-08-22 16:15:10
cvelist
cvelist
nessus
nessus
GitLab 17.1 < 17.1.6 / 17.2 < 17.2.4 / 17.3 < 17.3.1 (CVE-2024-7110)
2024-08-22 00:00:00
FreeBSD : Gitlab -- vulnerabilities (49ef501c-62b6-11ef-bba5-2cf05da270f3)
2024-08-25 00:00:00
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-7110
2024-08-22 16:15:10
debiancve
debiancve
CVE-2024-7110
2024-08-22 16:15:10
cve
cve
CVE-2024-7110
2024-08-22 16:15:10
freebsd
freebsd
Gitlab -- vulnerabilities
2024-08-21 00:00:00
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
AI Score
7.9
Confidence
Low
EPSS
0.001
Percentile
30.4%
Related for UB:CVE-2024-7110