CVE-2024-9773

An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.6 / Impact : 2.7

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/498557	Exploit Issue Tracking
https://hackerone.com/reports/2671808	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:17.10.0::::enterprise:::

History

13 Aug 2025, 01:20

Type	Values Removed	Values Added
CPE		cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:17.10.0::::enterprise:::
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/498557 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/498557 - Exploit, Issue Tracking
References	~~() https://hackerone.com/reports/2671808 -~~	() https://hackerone.com/reports/2671808 - Permissions Required
First Time		Gitlab gitlab Gitlab

27 Mar 2025, 16:45

Type	Values Removed	Values Added
Summary		(es) Se detectó un problema en GitLab EE que afectaba a todas las versiones (desde la 14.9 hasta la 17.8.6), a todas las versiones (desde la 17.9 hasta la 17.8.3) y a todas las versiones (desde la 17.10 hasta la 17.10.1). Un problema de validación de entrada en la integración del registro Harbor podría haber permitido que un responsable añadiera código malicioso a los comandos CLI mostrados en la interfaz de usuario.

27 Mar 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-27 13:15

Updated : 2025-08-13 01:20

NVD link : CVE-2024-9773

Mitre link : CVE-2024-9773

CVE.ORG link : CVE-2024-9773

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2024-9773", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 0.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2025-03-27T13:15:35.523", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/498557", "tags": ["Exploit", "Issue Tracking"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2671808", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI."}, {"lang": "es", "value": "Se detect\u00f3 un problema en GitLab EE que afectaba a todas las versiones (desde la 14.9 hasta la 17.8.6), a todas las versiones (desde la 17.9 hasta la 17.8.3) y a todas las versiones (desde la 17.10 hasta la 17.10.1). Un problema de validaci\u00f3n de entrada en la integraci\u00f3n del registro Harbor podr\u00eda haber permitido que un responsable a\u00f1adiera c\u00f3digo malicioso a los comandos CLI mostrados en la interfaz de usuario."}], "lastModified": "2025-08-13T01:20:58.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "0087D9FB-3DDA-4DE3-BFAB-D69B51C7F94E", "versionEndExcluding": "17.8.6", "versionStartIncluding": "14.9.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CCB5AC8D-FAC9-4C2B-B273-53D84D1F98B7", "versionEndExcluding": "17.9.3", "versionStartIncluding": "17.9.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:17.10.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "7C528FCC-126C-4DA8-9484-91C9DFAD2585"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}