Unrated severity · NVD Advisory · Published Sep 12, 2024 · Updated Sep 17, 2024
External Control of Critical State Data in GitLab
CVE-2024-8754
Description
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows an attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is configured.
Affected products
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (range: 16.9.7)
- (no CPE) (range: >=16.9.7 <17.1.7 || >=17.2 <17.2.5 || >=17.3 <17.3.2)
References
- gitlab.com/gitlab-org/gitlab/-/issues/464062 (mitre, issue-tracking, permissions-required)