CVE Vulnerabilities

CVE-2024-8311

Improper Protection of Alternate Path

Published: Sep 12, 2024 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.

Weakness

The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab 17.2.0 (including) 17.2.5 (excluding)
Gitlab Gitlab 17.3.0 (including) 17.3.2 (excluding)

Potential Mitigations

References