Severity: Unrated · NVD Advisory · Published Oct 10, 2024 · Updated Oct 10, 2024
Server-Side Request Forgery (SSRF) in GitLab
CVE-2024-8977
Description
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks.
Affected products (3)
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (range: 15.10)
- (no CPE) (range: >=15.10, <17.2.9; >=17.3, <17.3.5; >=17.4, <17.4.2)
References (2)
- hackerone.com/reports/2697456 (source: MITRE; tags: technical description, exploit, permissions required)
- gitlab.com/gitlab-org/gitlab/-/issues/491060 (source: MITRE; tags: issue tracking, permissions required)
News mentions (1)
- GitLab Critical Patch Release: 17.4.2, 17.3.5, 17.2.9 (GitLab Security Releases, Oct 9, 2024)