Unrated severity · NVD Advisory · Published Nov 14, 2024 · Updated Dec 6, 2024

Incorrect Ownership Assignment in GitLab

CVE-2024-9633

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.

Affected products

3
  • GitLab Inc./GitLab (52 versions)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* range: 16.3
    • (no CPE) range: >=16.3 <17.4.2 || >=17.5 <17.5.4 || >=17.6 <17.6.2
  • osv-coords
    Range: >= 16.3.0, < 17.3.7
