PT-2024-8695 · Gitlab · Gitlab Ce/Ee+1

Published: 2024-11-13 · Updated: 2025-02-11 · CVE-2024-9693

CVSS v3.1: 8.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 16.0 through 17.3.7
GitLab CE/EE versions 17.4 through 17.4.4
GitLab CE/EE versions 17.5 through 17.5.2

Description
The issue stems from a flaw in the authorization mechanism of GitLab CE/EE that could allow unauthorized access to the Kubernetes agent in a cluster under specific configurations. It is estimated that over 3.7 million services are potentially affected.

Recommendations
For GitLab CE/EE versions 16.0 through 17.3.7, update to version 17.3.7 or later.
For GitLab CE/EE versions 17.4 through 17.4.4, update to version 17.4.4 or later.
For GitLab CE/EE versions 17.5 through 17.5.2, update to version 17.5.2 or later.
As a temporary workaround, consider restricting access to the Kubernetes agent in clusters with the affected configurations until the patch is applied.

Exploit

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BDU:2024-10297
BIT-GITLAB-2024-9693
CVE-2024-9693

Affected Products

Gitlab
Gitlab Ce/Ee