CVE-2024-9633

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.3 through 17.4.2 GitLab CE/EE versions 17.5 through 17.5.4 GitLab CE/EE versions 17.6 through 17.6.2

Description The issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks. This is related to incorrect ownership assignment. An attacker can exploit this issue to conduct domain attacks due to the possibility of creating a group with a name that matches a unique Pages domain.

Recommendations For versions 16.3 through 17.4.2, update to version 17.4.2 or later. For versions 17.5 through 17.5.4, update to version 17.5.4 or later. For versions 17.6 through 17.6.2, update to version 17.6.2 or later.