CVE-2024-7110

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.
References
Link Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/472603 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

11 Sep 2024, 16:52

Type Values Removed Values Added
References () https://gitlab.com/gitlab-org/gitlab/-/issues/472603 - () https://gitlab.com/gitlab-org/gitlab/-/issues/472603 - Third Party Advisory
First Time Gitlab
Gitlab gitlab
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

23 Aug 2024, 16:18

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en GitLab EE que afecta a todas las versiones desde 17.0 a 17.1.6, 17.2 anterior a 17.2.4 y 17.3 anterior a 17.3.1, y permite a un atacante ejecutar comandos arbitrarios en la canalización de una víctima mediante inyección rápida.

22 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-22 16:15

Updated : 2024-09-11 16:52


NVD link : CVE-2024-7110

Mitre link : CVE-2024-7110

CVE.ORG link : CVE-2024-7110


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')