High severity8.5NVD Advisory· Published Apr 25, 2024· Updated Jun 17, 2026
CVE-2024-2434
CVE-2024-2434
Description
An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 16.9
- (no CPE)range: 16.9 < 16.9.6, 16.10 < 16.10.4, 16.11 < 16.11.1
- Range: 16.9 < 16.9.6, 16.10 < 16.10.4, 16.11 < 16.11.1
Patches
Vulnerability mechanics
References
2- gitlab.com/gitlab-org/gitlab/-/issues/450303nvdExploitIssue Tracking
- hackerone.com/reports/2401952nvdPermissions Required
News mentions
1- GitLab Patch Release: 16.11.1, 16.10.4, 16.9.6GitLab Security Releases · Apr 24, 2024