Unrated severity · NVD Advisory · Published Sep 12, 2024 · Updated Sep 17, 2024

External Control of Critical State Data in GitLab

CVE-2024-8754

Description

An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows an attacker to squat on accounts by linking arbitrary unclaimed provider identities when JWT authentication is configured.

Affected products

3
  • GitLab Inc./GitLabv52 versions
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* range: 16.9.7
    • (no CPE) range: >=16.9.7 <17.1.7 || >=17.2 <17.2.5 || >=17.3 <17.3.2
  • osv-coords
    Range: >= 16.9.7, < 17.1.7
