PT-2024-5509 · Gitlab · Gitlab Ce/Ee+1

Published: 2024-08-07 · Updated: 2024-08-29 · CVE-2024-3958

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions prior to 17.0.6
GitLab CE/EE version 17.1 prior to 17.1.4
GitLab CE/EE version 17.2 prior to 17.2.2

Description
The issue allows someone to abuse a discrepancy between what the web application displays and what the git command-line interface uses, in order to socially engineer victims into cloning untrusted code. A remote attacker can exploit this discrepancy to execute arbitrary code.

Recommendations
For GitLab CE/EE versions prior to 17.0.6, update to version 17.0.6 or later.
For GitLab CE/EE version 17.1 prior to 17.1.4, update to version 17.1.4 or later.
For GitLab CE/EE version 17.2 prior to 17.2.2, update to version 17.2.2 or later.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2024-06158
BIT-GITLAB-2024-3958
CVE-2024-3958

Affected Products

Gitlab
Gitlab Ce/Ee