An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/486213 | Broken Link |
https://hackerone.com/reports/2687770 | Permissions Required |
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/ |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:53
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.5 |
14 Sep 2024, 15:37
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Gitlab
Gitlab gitlab |
|
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | |
Summary |
|
|
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/486213 - Broken Link | |
References | () https://hackerone.com/reports/2687770 - Permissions Required |
12 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-12 17:15
Updated : 2024-11-21 09:53
NVD link : CVE-2024-8640
Mitre link : CVE-2024-8640
CVE.ORG link : CVE-2024-8640
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')