CVE-2024-8970

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.6 through 17.2.9 GitLab CE/EE versions 17.3 through 17.3.5 GitLab CE/EE versions 17.4 through 17.4.2

Description The issue is related to authentication errors in GitLab, allowing a remote attacker to trigger pipelines as another user under certain circumstances. This can lead to unauthorized access and control over the pipelines. The estimated number of potentially affected devices is not provided.

Recommendations For GitLab CE/EE versions 11.6 through 17.2.9, upgrade to version 17.2.9 to resolve the issue. For GitLab CE/EE versions 17.3 through 17.3.5, upgrade to version 17.3.5 to resolve the issue. For GitLab CE/EE versions 17.4 through 17.4.2, upgrade to version 17.4.2 to resolve the issue. As a temporary workaround, consider restricting access to pipeline triggers to minimize the risk of exploitation.