Gitlab · Gitlab Ce/Ee · CVE-2024-8311
Name of the Vulnerable Software and Affected Versions:
GitLab EE versions 17.2 through 17.2.4
GitLab EE versions 17.3 through 17.3.1
Description:
An issue was discovered with pipeline execution policies in GitLab EE, allowing authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.
Recommendations:
For GitLab EE versions 17.2 through 17.2.4, update to version 17.2.5 or later.
For GitLab EE versions 17.3 through 17.3.1, update to version 17.3.2 or later.
As a temporary workaround, consider restricting the use of CI/CD templates to minimize the risk of exploitation.