An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/472603 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
11 Sep 2024, 16:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/472603 - Third Party Advisory | |
First Time |
Gitlab
Gitlab gitlab |
|
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
23 Aug 2024, 16:18
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
22 Aug 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-22 16:15
Updated : 2024-09-11 16:52
NVD link : CVE-2024-7110
Mitre link : CVE-2024-7110
CVE.ORG link : CVE-2024-7110
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')