Unrated severity · NVD Advisory · Published Oct 11, 2024 · Updated Oct 11, 2024
Incorrect Authorization in GitLab
CVE-2024-8970
Description
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.
Affected products
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (range: 11.6)
- (no CPE) range: >=11.6, <17.2.9; >=17.3, <17.3.5; >=17.4, <17.4.2
References
- hackerone.com/reports/2724948 [mitre, technical-description, exploit, permissions-required]
- gitlab.com/gitlab-org/gitlab/-/issues/490916 [mitre, issue-tracking, permissions-required]
News mentions
- GitLab Patch Release: 17.7.1, 17.6.3, 17.5.5 (GitLab Security Releases · Jan 8, 2025)
- GitLab Critical Patch Release: 17.4.2, 17.3.5, 17.2.9 (GitLab Security Releases · Oct 9, 2024)