CVE-2024-8311

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.2 through 17.2.4 GitLab EE versions 17.3 through 17.3.1

Description: An issue was discovered with pipeline execution policies in GitLab EE, allowing authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.

Recommendations: For GitLab EE versions 17.2 through 17.2.4, update to version 17.2.5 or later. For GitLab EE versions 17.3 through 17.3.1, update to version 17.3.2 or later. As a temporary workaround, consider restricting the use of CI/CD templates to minimize the risk of exploitation.