CVE-2024-9164

Name of the Vulnerable Software and Affected Versions GitLab EE versions 12.5 through 17.2.9 GitLab EE versions 17.3 through 17.3.5 GitLab EE versions 17.4 through 17.4.2

Description The issue is related to errors in access control, allowing a remote attacker to run Continuous Integration/Continuous Delivery (CI/CD) pipelines on arbitrary branches of a repository. It is estimated that over 4.1 million services are potentially affected. The vulnerability can be exploited by unauthorized users, posing a significant security risk to IT workflows.

Recommendations For GitLab EE versions 12.5 through 17.2.9, update to version 17.2.9 or later. For GitLab EE versions 17.3 through 17.3.5, update to version 17.3.5 or later. For GitLab EE versions 17.4 through 17.4.2, update to version 17.4.2 or later. As a temporary workaround, consider restricting access to CI/CD pipelines to minimize the risk of exploitation.